Firefox pages redirected to savetubevideo.com



#1
prince kapoor

OS: Windows XP Professional
Firefox version 3.6.12

Hi,
my problem is that my browser (Firefox) redirects to http://www.landing.savetubevideo.com/ automatically. :D

Please help, guys.
Thanks in advance.

My OTL.txt goes here:

OTL logfile created on: 23/11/2010 12:31:49 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Rudra\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 2.63 Gb Free Space | 17.93% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 12.87 Gb Free Space | 26.35% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 19.63 Gb Free Space | 40.20% Space Free | Partition Type: NTFS
Drive F: | 36.74 Gb Total Space | 19.69 Gb Free Space | 53.60% Space Free | Partition Type: NTFS
Drive G: | 15.63 Gb Total Space | 7.77 Gb Free Space | 49.70% Space Free | Partition Type: NTFS
Drive H: | 29.29 Gb Total Space | 3.91 Gb Free Space | 13.33% Space Free | Partition Type: NTFS
Drive I: | 14.65 Gb Total Space | 14.57 Gb Free Space | 99.45% Space Free | Partition Type: NTFS

Computer Name: ADHUNIK-ECD7422 | User Name: Rudra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/23 12:31:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
PRC - [2010/11/04 20:34:51 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/11/04 20:34:50 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/02 03:06:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Rudra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/10/17 10:43:42 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/09/07 20:42:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/07 04:48:46 | 002,803,200 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2004/08/04 10:26:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/23 12:31:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
MOD - [2010/09/10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2004/08/04 10:27:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\acquia-drupal\xmail\XMail.exe -- (XMail)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/11/12 13:45:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\is3srv.sys -- (is3srv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\FsUsbExDisk.SYS -- (FsUsbExDisk)
DRV - [2010/09/10 23:40:54 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/09/10 23:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/09/10 23:40:52 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/09/07 20:22:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 20:22:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 20:17:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 20:17:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 20:17:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 20:16:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/11/03 23:16:34 | 006,273,504 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/10/30 18:44:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/13 22:59:04 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/02/13 22:59:04 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/09/24 18:58:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/12 19:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [1996/04/04 01:03:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "www.google-feed.net"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: search@helper:8.17
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.3.3
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
FF - prefs.js..keyword.URL: "http://www.veerboo.c...results.php?q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/06 15:45:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/12 17:26:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 13:21:47 | 000,000,000 | ---D | M]

[2010/07/07 05:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Extensions
[2010/11/23 09:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions
[2010/11/22 21:07:13 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/08/03 22:05:08 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/11/22 15:37:56 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/11/22 21:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\[email protected]
[2010/11/15 11:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\[email protected]
[2010/11/22 16:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\SearchHelper
[2010/10/07 10:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\[email protected]
[2010/07/19 11:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\[email protected]
[2010/08/05 10:34:01 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\searchplugins\askcom.xml
[2010/07/11 06:20:51 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\searchplugins\mywebsearch.xml
[2010/11/23 09:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/18 13:21:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/18 13:21:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/02/20 16:04:02 | 002,463,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2010/11/23 11:54:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rudra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rudra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/07 03:01:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/28 17:43:25 | 000,000,102 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/28 17:43:25 | 000,000,102 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/28 17:43:25 | 000,000,102 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/28 17:43:26 | 000,000,102 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/28 17:43:26 | 000,000,102 | RHS- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0ea1741c-e369-11df-843a-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{0ea1741c-e369-11df-843a-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{11551852-e64e-11df-8443-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{11551852-e64e-11df-8443-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19db9e4c-e3f6-11df-843c-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{19db9e4c-e3f6-11df-843c-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ffebf5e-e70f-11df-8444-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{1ffebf5e-e70f-11df-8444-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2030cfd0-c941-11df-83dd-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{2030cfd0-c941-11df-83dd-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2030cfd0-c941-11df-83dd-00241d9707c0}\Shell\AutoRun\command - "" = K:\.\ShowModem.exe -- File not found
O33 - MountPoints2\{25006214-e59d-11df-8440-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{25006214-e59d-11df-8440-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5880ee27-e572-11df-843f-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{5880ee27-e572-11df-843f-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ff1220f-9298-11df-82ca-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{9ff1220f-9298-11df-82ca-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c0a1b4e2-f2d2-11df-8464-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{c0a1b4e2-f2d2-11df-8464-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c0a1b4f1-f2d2-11df-8464-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{c0a1b4f1-f2d2-11df-8464-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c0a1b50d-f2d2-11df-8464-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{c0a1b50d-f2d2-11df-8464-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc589f72-e28b-11df-8436-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{dc589f72-e28b-11df-8436-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/23 12:31:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
[2010/11/23 12:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\site_flash
[2010/11/23 12:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\tdsskiller (1)
[2010/11/23 12:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\GooredFix Backups
[2010/11/23 12:02:48 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Rudra\Desktop\GooredFix.exe
[2010/11/23 11:54:06 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/11/23 11:53:02 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTM.exe
[2010/11/23 11:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\erunt
[2010/11/23 11:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/23 11:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\PriceGong
[2010/11/23 10:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\tdsskiller
[2010/11/22 22:02:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/11/22 21:29:20 | 000,000,000 | ---D | C] -- E:\Just Enough Web Programming with XHTML, PHP, and MySQL [CuPpY]
[2010/11/22 21:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/22 21:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\Conduit
[2010/11/22 21:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\BitTorrentBar
[2010/11/22 21:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010/11/22 21:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\ConduitEngine
[2010/11/22 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrentBar
[2010/11/22 20:55:03 | 000,000,000 | ---D | C] -- E:\GTA
[2010/11/22 20:19:34 | 000,000,000 | ---D | C] -- E:\database
[2010/11/22 16:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/11/22 16:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/21 16:46:47 | 000,000,000 | ---D | C] -- E:\TutsPlus - WordPress as a CMS
[2010/11/20 15:42:46 | 000,000,000 | ---D | C] -- E:\be 1 on google
[2010/11/20 14:51:23 | 000,000,000 | ---D | C] -- E:\CSS.Amazing.Website.Templates.Pack.0001-LegalTorrents
[2010/11/19 10:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\deepti 19 nov 2010
[2010/11/18 13:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/18 13:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/18 13:21:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/11/18 13:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/18 13:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\Sun
[2010/11/18 11:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\New Folder
[2010/11/17 18:49:05 | 000,000,000 | ---D | C] -- E:\Google Talk Received Files
[2010/11/15 21:27:58 | 000,000,000 | ---D | C] -- E:\How To Develop Money-Making Sites With Wordpress & Article Marketing
[2010/11/15 20:37:41 | 000,000,000 | ---D | C] -- E:\WordPress For Dummies 2nd Ed~tqw~_darksiderg
[2010/11/14 16:49:44 | 000,000,000 | ---D | C] -- E:\Adsense Business In A Box + Software + Master Resale Wrights
[2010/11/14 16:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPER NOVA
[2010/11/14 15:56:01 | 000,000,000 | ---D | C] -- E:\Google Adsense
[2010/11/14 15:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ipiya
[2010/11/13 15:28:37 | 000,000,000 | ---D | C] -- E:\PHP 5 For Dummies [Dark Demon] [h33t]
[2010/11/13 11:40:50 | 000,000,000 | ---D | C] -- E:\PHP & MySQL For Dummies, 2nd Edition - allfreebooks.tk
[2010/11/12 13:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/12 13:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/11/11 12:14:56 | 000,000,000 | ---D | C] -- E:\PDF
[2010/11/09 17:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\My Documents
[2010/11/09 17:36:58 | 000,000,000 | ---D | C] -- E:\Flash Slideshow Maker Professional
[2010/11/09 14:16:55 | 000,000,000 | ---D | C] -- E:\Java 2 - The Complete Reference (5th Edition)
[2010/11/08 15:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\ringtone
[2010/11/08 15:36:36 | 000,000,000 | ---D | C] -- E:\CrystalButton
[2010/11/08 14:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\ap
[2010/11/06 18:47:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rudra\Recent
[2010/10/30 16:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/30 16:41:40 | 000,000,000 | ---D | C] -- C:\RRTVAULT
[2010/10/30 15:08:16 | 000,000,000 | ---D | C] -- E:\My Art
[2010/10/30 14:52:06 | 000,000,000 | ---D | C] -- E:\NPS
[2010/10/30 14:51:37 | 000,000,000 | R--D | C] -- E:\My Videos
[2010/10/30 14:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\PC Suite
[2010/10/30 14:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/10/30 14:44:31 | 000,090,624 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/10/30 14:44:25 | 000,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/10/30 14:42:20 | 000,121,856 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdm.sys
[2010/10/30 14:42:20 | 000,090,112 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bbus.sys
[2010/10/30 14:42:20 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwhnt.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwh.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcmnt.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcm.sys
[2010/10/30 14:41:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/10/30 14:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/10/30 14:41:49 | 000,000,000 | ---D | C] -- E:\My NPS Files
[2010/10/30 14:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\Samsung
[2010/10/30 14:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/10/30 14:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/10/28 18:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\Html
[2010/10/28 18:08:54 | 000,000,000 | ---D | C] -- E:\Downloads
[2010/10/28 18:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\prince
[2010/10/28 13:52:05 | 000,000,000 | ---D | C] -- E:\My Palettes
[2010/10/28 13:51:54 | 000,000,000 | ---D | C] -- E:\Corel
[2010/10/28 12:02:32 | 000,000,000 | ---D | C] -- E:\The KMPlayer
[2010/10/28 12:01:35 | 000,000,000 | R--D | C] -- E:\My Pictures
[2010/10/28 12:01:35 | 000,000,000 | R--D | C] -- E:\My Music
[2010/10/28 11:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\Help
[2010/10/28 11:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\Help
[2010/10/28 11:39:02 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[1 C:\Documents and Settings\Rudra\*.tmp files -> C:\Documents and Settings\Rudra\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/23 12:31:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
[2010/11/23 12:30:08 | 000,092,862 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-23.json
[2010/11/23 12:11:11 | 000,694,756 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\site_flash.zip
[2010/11/23 12:07:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003UA.job
[2010/11/23 12:04:14 | 001,224,671 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller (1).zip
[2010/11/23 12:02:48 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Rudra\Desktop\GooredFix.exe
[2010/11/23 11:58:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/23 11:58:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/23 11:54:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/23 11:53:02 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTM.exe
[2010/11/23 11:51:47 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\erunt.zip
[2010/11/23 11:49:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/23 11:46:22 | 000,166,298 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~20090507045844_2.swf
[2010/11/23 10:58:18 | 001,224,671 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller.zip
[2010/11/22 21:57:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/22 21:28:47 | 021,831,720 | ---- | M] () -- E:\18 Powerful SEO Videos.zip
[2010/11/22 20:39:43 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Rudra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/22 20:07:36 | 000,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/22 19:05:27 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/22 18:48:56 | 000,014,951 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\backup.html
[2010/11/22 18:45:05 | 000,000,912 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/22 16:18:26 | 000,092,862 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-22.json
[2010/11/21 20:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003Core.job
[2010/11/21 16:44:02 | 000,012,632 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\button_submit copy.jpg
[2010/11/20 21:49:57 | 000,137,080 | ---- | M] () -- E:\SEO-wordpress-tutorial.pdf
[2010/11/20 15:41:35 | 036,253,069 | ---- | M] () -- E:\40 Expensive Website Templates.zip
[2010/11/17 20:56:30 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\3.bmp
[2010/11/17 20:53:52 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\2.bmp
[2010/11/17 20:53:37 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\1.bmp
[2010/11/17 18:49:05 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Google Talk Received Files.lnk
[2010/11/16 15:49:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/16 15:17:10 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\WordPress For Dummies.lnk
[2010/11/16 11:18:27 | 000,027,648 | ---- | M] () -- E:\Q.P..doc
[2010/11/16 11:12:04 | 000,000,162 | -H-- | M] () -- E:\~$Q.P..doc
[2010/11/15 20:57:54 | 000,633,856 | ---- | M] () -- E:\ADSense Trick 2009 Gold Edition.doc
[2010/11/15 14:08:18 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\PROFILES.doc
[2010/11/15 14:05:05 | 000,508,160 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Kingslay admission form.pdf
[2010/11/14 16:41:02 | 067,017,157 | ---- | M] () -- E:\Adsense Business In A Box + Software + Master Resale Wrights.zip
[2010/11/14 16:28:02 | 001,862,462 | ---- | M] () -- E:\Adsense SECRET - Profit In Less Than 5 Minutes.zip
[2010/11/14 16:19:28 | 000,002,369 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Auto Post Blog.lnk
[2010/11/14 16:18:57 | 000,001,060 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shortcut to Blogspot Auto Poster Demo.exe.lnk
[2010/11/14 14:42:58 | 001,454,136 | ---- | M] () -- E:\BlogAutoPoster.exe
[2010/11/14 14:00:00 | 000,590,252 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\kingslay.swf
[2010/11/12 18:17:03 | 000,297,757 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\ks1.swf
[2010/11/12 16:48:34 | 000,990,208 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASH.fla
[2010/11/12 15:52:31 | 000,276,563 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\ks.swf
[2010/11/12 14:42:21 | 000,255,184 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefdep.swf
[2010/11/12 14:20:58 | 000,255,199 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefa.swf
[2010/11/12 14:13:23 | 000,255,197 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHcheff.swf
[2010/11/12 14:03:43 | 000,255,262 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchef.swf
[2010/11/11 12:14:31 | 011,708,527 | ---- | M] () -- E:\deliveryreports_part11.pdf
[2010/11/11 12:11:00 | 000,036,433 | ---- | M] () -- E:\deliveryreports_part22.pdf
[2010/11/11 12:06:25 | 013,773,484 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part11.xls
[2010/11/11 11:51:48 | 000,008,780 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part22.xls
[2010/11/04 19:26:01 | 009,578,256 | ---- | M] () -- E:\final airtel data.xlsx
[2010/11/04 17:27:57 | 000,000,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/11/01 12:51:52 | 426,393,088 | ---- | M] () -- E:\29octdatadnt.xls
[2010/10/30 16:42:19 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\HijackThis.lnk
[2010/10/30 16:39:49 | 000,016,244 | ---- | M] () -- C:\WINDOWS\System32\rrt_is.wav
[2010/10/30 16:39:49 | 000,007,302 | ---- | M] () -- C:\WINDOWS\System32\rrt_vf.wav
[2010/10/30 16:39:49 | 000,007,148 | ---- | M] () -- C:\WINDOWS\System32\rrt_tv.wav
[2010/10/30 16:39:49 | 000,006,282 | ---- | M] () -- C:\WINDOWS\System32\rrt_tn.wav
[2010/10/30 14:46:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/10/30 14:41:24 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\$_hpcst$.hpc
[2010/10/30 14:04:38 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Shortcut to metamorph_wavesandstars.lnk
[2010/10/29 11:03:38 | 000,277,887 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\FLASH.swf
[2010/10/29 10:51:45 | 000,016,353 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\image86.gif
[2010/10/28 18:47:50 | 000,105,472 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Course Details.doc
[2010/10/28 17:43:25 | 000,012,742 | RHS- | M] () -- E:\Winsys64.vbs
[2010/10/28 17:43:25 | 000,012,742 | RHS- | M] () -- C:\WINDOWS\Winsys64.vbs
[2010/10/28 17:43:25 | 000,000,102 | RHS- | M] () -- E:\autorun.inf
[2010/10/28 11:37:25 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/10/28 10:29:40 | 000,042,865 | ---- | M] () -- C:\WINDOWS\FontData.fdb
[1 C:\Documents and Settings\Rudra\*.tmp files -> C:\Documents and Settings\Rudra\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/23 12:30:07 | 000,092,862 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-23.json
[2010/11/23 12:11:07 | 000,694,756 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\site_flash.zip
[2010/11/23 12:03:57 | 001,224,671 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller (1).zip
[2010/11/23 11:51:47 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\erunt.zip
[2010/11/23 11:46:15 | 000,166,298 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~20090507045844_2.swf
[2010/11/23 10:57:57 | 001,224,671 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller.zip
[2010/11/22 21:09:08 | 021,831,720 | ---- | C] () -- E:\18 Powerful SEO Videos.zip
[2010/11/22 19:05:27 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Rudra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/22 18:48:55 | 000,014,951 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\backup.html
[2010/11/22 18:44:43 | 000,000,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/22 16:18:14 | 000,092,862 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-22.json
[2010/11/21 16:46:05 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/11/21 16:44:01 | 000,012,632 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\button_submit copy.jpg
[2010/11/20 21:49:43 | 000,137,080 | ---- | C] () -- E:\SEO-wordpress-tutorial.pdf
[2010/11/20 15:29:12 | 036,253,069 | ---- | C] () -- E:\40 Expensive Website Templates.zip
[2010/11/17 20:56:30 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\3.bmp
[2010/11/17 20:53:51 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\2.bmp
[2010/11/17 20:52:18 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\1.bmp
[2010/11/17 18:49:05 | 000,000,247 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Google Talk Received Files.lnk
[2010/11/16 15:15:59 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\WordPress For Dummies.lnk
[2010/11/16 11:12:04 | 000,000,162 | -H-- | C] () -- E:\~$Q.P..doc
[2010/11/16 11:12:03 | 000,027,648 | ---- | C] () -- E:\Q.P..doc
[2010/11/15 20:55:55 | 000,633,856 | ---- | C] () -- E:\ADSense Trick 2009 Gold Edition.doc
[2010/11/15 14:08:17 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\PROFILES.doc
[2010/11/15 14:04:55 | 000,508,160 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Kingslay admission form.pdf
[2010/11/14 16:22:42 | 001,862,462 | ---- | C] () -- E:\Adsense SECRET - Profit In Less Than 5 Minutes.zip
[2010/11/14 16:18:57 | 000,001,060 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shortcut to Blogspot Auto Poster Demo.exe.lnk
[2010/11/14 15:57:32 | 067,017,157 | ---- | C] () -- E:\Adsense Business In A Box + Software + Master Resale Wrights.zip
[2010/11/14 15:33:07 | 000,002,369 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Auto Post Blog.lnk
[2010/11/14 14:40:21 | 001,454,136 | ---- | C] () -- E:\BlogAutoPoster.exe
[2010/11/14 13:59:32 | 000,590,252 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\kingslay.swf
[2010/11/12 18:17:01 | 000,297,757 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\ks1.swf
[2010/11/12 16:48:06 | 000,990,208 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASH.fla
[2010/11/12 15:52:30 | 000,276,563 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\ks.swf
[2010/11/12 14:42:20 | 000,255,184 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefdep.swf
[2010/11/12 14:20:57 | 000,255,199 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefa.swf
[2010/11/12 14:13:22 | 000,255,197 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHcheff.swf
[2010/11/12 13:02:00 | 000,255,262 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchef.swf
[2010/11/11 12:14:32 | 011,708,527 | ---- | C] () -- E:\deliveryreports_part11.pdf
[2010/11/11 12:10:58 | 000,036,433 | ---- | C] () -- E:\deliveryreports_part22.pdf
[2010/11/11 12:06:12 | 013,773,484 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part11.xls
[2010/11/11 11:51:47 | 000,008,780 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part22.xls
[2010/11/04 19:25:35 | 009,578,256 | ---- | C] () -- E:\final airtel data.xlsx
[2010/10/30 20:30:41 | 426,393,088 | ---- | C] () -- E:\29octdatadnt.xls
[2010/10/30 16:42:19 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\HijackThis.lnk
[2010/10/30 16:39:49 | 000,016,244 | ---- | C] () -- C:\WINDOWS\System32\rrt_is.wav
[2010/10/30 16:39:49 | 000,007,302 | ---- | C] () -- C:\WINDOWS\System32\rrt_vf.wav
[2010/10/30 16:39:49 | 000,007,148 | ---- | C] () -- C:\WINDOWS\System32\rrt_tv.wav
[2010/10/30 16:39:49 | 000,006,282 | ---- | C] () -- C:\WINDOWS\System32\rrt_tn.wav
[2010/10/30 14:41:24 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Rudra\Application Data\$_hpcst$.hpc
[2010/10/30 14:04:38 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Shortcut to metamorph_wavesandstars.lnk
[2010/10/29 11:10:13 | 006,568,994 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\only chef.cdr
[2010/10/29 10:51:45 | 000,016,353 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\image86.gif
[2010/10/29 10:46:11 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Course Details.doc
[2010/10/29 10:33:29 | 000,277,887 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\FLASH.swf
[2010/10/28 17:43:25 | 000,012,742 | RHS- | C] () -- E:\Winsys64.vbs
[2010/10/28 17:43:25 | 000,012,742 | RHS- | C] () -- C:\WINDOWS\Winsys64.vbs
[2010/10/28 17:43:25 | 000,000,102 | RHS- | C] () -- E:\autorun.inf
[2010/10/11 11:28:18 | 000,000,062 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2010/10/11 11:28:18 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2010/10/11 11:28:18 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2010/09/20 17:32:15 | 000,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2010/09/20 13:48:29 | 000,000,421 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/09/01 22:09:05 | 001,013,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/23 12:05:24 | 000,000,119 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/05 20:35:46 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/07/13 02:20:09 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/07/11 05:07:54 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/07/08 09:13:38 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/07/08 09:13:38 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\28BF592721.sys
[2010/07/08 07:19:49 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\Rudra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/07 04:51:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/06 19:52:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/06 15:41:13 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2004/08/04 10:26:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 21:06:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1996/04/04 01:03:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/07/07 06:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/04 18:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/10/30 14:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/18 20:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/10/04 17:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2010/07/07 04:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/11/22 18:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/23 11:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/04 18:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Aleo Software
[2010/11/22 22:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\BitTorrent
[2010/08/03 11:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\CoreFTP
[2010/10/06 12:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\CrystalButton
[2010/09/27 09:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Dropbox
[2010/08/29 14:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Excel_Application
[2010/08/27 16:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Green Parrots Software
[2010/10/30 14:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\PC Suite
[2010/08/18 20:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\PlayFirst
[2010/08/18 23:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Playrix Entertainment
[2010/11/23 11:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\PriceGong
[2010/11/09 17:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Samsung
[2010/07/10 01:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\TeamViewer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C1EFF69
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5

< End of report >
PRC - [2010/11/23 12:31:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
PRC - [2010/11/04 20:34:51 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/11/04 20:34:50 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/02 03:06:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Rudra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/10/17 10:43:42 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/09/07 20:42:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/07 04:48:46 | 002,803,200 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2004/08/04 10:26:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/23 12:31:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
MOD - [2010/09/10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2004/08/04 10:27:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 08:01:44 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\acquia-drupal\xmail\XMail.exe -- (XMail)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/11/12 13:45:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\is3srv.sys -- (is3srv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\FsUsbExDisk.SYS -- (FsUsbExDisk)
DRV - [2010/09/10 23:40:54 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/09/10 23:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/09/10 23:40:52 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/09/07 20:22:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 20:22:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 20:17:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 20:17:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 20:17:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 20:16:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/11/03 23:16:34 | 006,273,504 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/10/30 18:44:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/13 22:59:04 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/02/13 22:59:04 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/09/24 18:58:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/12 19:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [1996/04/04 01:03:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "www.google-feed.net"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: search@helper:8.17
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.3.3
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
FF - prefs.js..keyword.URL: "http://www.veerboo.c...results.php?q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/06 15:45:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/12 17:26:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 13:21:47 | 000,000,000 | ---D | M]

[2010/07/07 05:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Extensions
[2010/11/23 09:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions
[2010/11/22 21:07:13 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/08/03 22:05:08 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/11/22 15:37:56 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/11/22 21:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\[email protected]
[2010/11/15 11:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\[email protected]
[2010/11/22 16:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\SearchHelper
[2010/10/07 10:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\[email protected]
[2010/07/19 11:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\[email protected]
[2010/08/05 10:34:01 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\searchplugins\askcom.xml
[2010/07/11 06:20:51 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\searchplugins\mywebsearch.xml
[2010/11/23 09:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/18 13:21:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/18 13:21:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/02/20 16:04:02 | 002,463,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2010/11/23 11:54:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rudra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rudra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/07 03:01:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/28 17:43:25 | 000,000,102 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/28 17:43:25 | 000,000,102 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/28 17:43:25 | 000,000,102 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/28 17:43:26 | 000,000,102 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/28 17:43:26 | 000,000,102 | RHS- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0ea1741c-e369-11df-843a-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{0ea1741c-e369-11df-843a-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{11551852-e64e-11df-8443-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{11551852-e64e-11df-8443-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19db9e4c-e3f6-11df-843c-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{19db9e4c-e3f6-11df-843c-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ffebf5e-e70f-11df-8444-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{1ffebf5e-e70f-11df-8444-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2030cfd0-c941-11df-83dd-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{2030cfd0-c941-11df-83dd-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2030cfd0-c941-11df-83dd-00241d9707c0}\Shell\AutoRun\command - "" = K:\.\ShowModem.exe -- File not found
O33 - MountPoints2\{25006214-e59d-11df-8440-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{25006214-e59d-11df-8440-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5880ee27-e572-11df-843f-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{5880ee27-e572-11df-843f-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ff1220f-9298-11df-82ca-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{9ff1220f-9298-11df-82ca-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c0a1b4e2-f2d2-11df-8464-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{c0a1b4e2-f2d2-11df-8464-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c0a1b4f1-f2d2-11df-8464-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{c0a1b4f1-f2d2-11df-8464-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c0a1b50d-f2d2-11df-8464-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{c0a1b50d-f2d2-11df-8464-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc589f72-e28b-11df-8436-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{dc589f72-e28b-11df-8436-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/23 12:31:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
[2010/11/23 12:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\site_flash
[2010/11/23 12:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\tdsskiller (1)
[2010/11/23 12:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\GooredFix Backups
[2010/11/23 12:02:48 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Rudra\Desktop\GooredFix.exe
[2010/11/23 11:54:06 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/11/23 11:53:02 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTM.exe
[2010/11/23 11:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\erunt
[2010/11/23 11:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/23 11:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\PriceGong
[2010/11/23 10:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\tdsskiller
[2010/11/22 22:02:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/11/22 21:29:20 | 000,000,000 | ---D | C] -- E:\Just Enough Web Programming with XHTML, PHP, and MySQL [CuPpY]
[2010/11/22 21:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/22 21:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\Conduit
[2010/11/22 21:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\BitTorrentBar
[2010/11/22 21:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010/11/22 21:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\ConduitEngine
[2010/11/22 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrentBar
[2010/11/22 20:55:03 | 000,000,000 | ---D | C] -- E:\GTA
[2010/11/22 20:19:34 | 000,000,000 | ---D | C] -- E:\database
[2010/11/22 16:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/11/22 16:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/21 16:46:47 | 000,000,000 | ---D | C] -- E:\TutsPlus - WordPress as a CMS
[2010/11/20 15:42:46 | 000,000,000 | ---D | C] -- E:\be 1 on google
[2010/11/20 14:51:23 | 000,000,000 | ---D | C] -- E:\CSS.Amazing.Website.Templates.Pack.0001-LegalTorrents
[2010/11/19 10:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\deepti 19 nov 2010
[2010/11/18 13:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/18 13:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/18 13:21:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/11/18 13:21:47 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/18 13:21:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/18 13:21:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/18 13:21:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/18 13:21:47 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/18 13:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/18 13:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\Sun
[2010/11/18 11:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\New Folder
[2010/11/17 18:49:05 | 000,000,000 | ---D | C] -- E:\Google Talk Received Files
[2010/11/15 21:27:58 | 000,000,000 | ---D | C] -- E:\How To Develop Money-Making Sites With Wordpress & Article Marketing
[2010/11/15 20:37:41 | 000,000,000 | ---D | C] -- E:\WordPress For Dummies 2nd Ed~tqw~_darksiderg
[2010/11/14 16:49:44 | 000,000,000 | ---D | C] -- E:\Adsense Business In A Box + Software + Master Resale Wrights
[2010/11/14 16:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPER NOVA
[2010/11/14 15:56:01 | 000,000,000 | ---D | C] -- E:\Google Adsense
[2010/11/14 15:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ipiya
[2010/11/13 15:28:37 | 000,000,000 | ---D | C] -- E:\PHP 5 For Dummies [Dark Demon] [h33t]
[2010/11/13 11:40:50 | 000,000,000 | ---D | C] -- E:\PHP & MySQL For Dummies, 2nd Edition - allfreebooks.tk
[2010/11/12 13:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/12 13:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/11/11 12:14:56 | 000,000,000 | ---D | C] -- E:\PDF
[2010/11/09 17:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\My Documents
[2010/11/09 17:36:58 | 000,000,000 | ---D | C] -- E:\Flash Slideshow Maker Professional
[2010/11/09 14:16:55 | 000,000,000 | ---D | C] -- E:\Java 2 - The Complete Reference (5th Edition)
[2010/11/08 15:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\ringtone
[2010/11/08 15:36:36 | 000,000,000 | ---D | C] -- E:\CrystalButton
[2010/11/08 14:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\ap
[2010/11/06 18:47:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rudra\Recent
[2010/10/30 16:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/30 16:41:40 | 000,000,000 | ---D | C] -- C:\RRTVAULT
[2010/10/30 15:08:16 | 000,000,000 | ---D | C] -- E:\My Art
[2010/10/30 14:52:06 | 000,000,000 | ---D | C] -- E:\NPS
[2010/10/30 14:51:37 | 000,000,000 | R--D | C] -- E:\My Videos
[2010/10/30 14:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\PC Suite
[2010/10/30 14:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/10/30 14:44:31 | 000,090,624 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/10/30 14:44:25 | 000,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/10/30 14:42:20 | 000,121,856 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdm.sys
[2010/10/30 14:42:20 | 000,090,112 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bbus.sys
[2010/10/30 14:42:20 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwhnt.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwh.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcmnt.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcm.sys
[2010/10/30 14:41:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/10/30 14:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/10/30 14:41:49 | 000,000,000 | ---D | C] -- E:\My NPS Files
[2010/10/30 14:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\Samsung
[2010/10/30 14:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/10/30 14:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/10/28 18:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\Html
[2010/10/28 18:08:54 | 000,000,000 | ---D | C] -- E:\Downloads
[2010/10/28 18:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\prince
[2010/10/28 13:52:05 | 000,000,000 | ---D | C] -- E:\My Palettes
[2010/10/28 13:51:54 | 000,000,000 | ---D | C] -- E:\Corel
[2010/10/28 12:02:32 | 000,000,000 | ---D | C] -- E:\The KMPlayer
[2010/10/28 12:01:35 | 000,000,000 | R--D | C] -- E:\My Pictures
[2010/10/28 12:01:35 | 000,000,000 | R--D | C] -- E:\My Music
[2010/10/28 11:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\Help
[2010/10/28 11:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\Help
[2010/10/28 11:39:02 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[1 C:\Documents and Settings\Rudra\*.tmp files -> C:\Documents and Settings\Rudra\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/23 12:31:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
[2010/11/23 12:30:08 | 000,092,862 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-23.json
[2010/11/23 12:11:11 | 000,694,756 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\site_flash.zip
[2010/11/23 12:07:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003UA.job
[2010/11/23 12:04:14 | 001,224,671 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller (1).zip
[2010/11/23 12:02:48 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Rudra\Desktop\GooredFix.exe
[2010/11/23 11:58:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/23 11:58:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/23 11:54:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/23 11:53:02 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTM.exe
[2010/11/23 11:51:47 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\erunt.zip
[2010/11/23 11:49:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/23 11:46:22 | 000,166,298 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~20090507045844_2.swf
[2010/11/23 10:58:18 | 001,224,671 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller.zip
[2010/11/22 21:57:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/22 21:28:47 | 021,831,720 | ---- | M] () -- E:\18 Powerful SEO Videos.zip
[2010/11/22 20:39:43 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Rudra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/22 20:07:36 | 000,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/22 19:05:27 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/22 18:48:56 | 000,014,951 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\backup.html
[2010/11/22 18:45:05 | 000,000,912 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/22 16:18:26 | 000,092,862 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-22.json
[2010/11/21 20:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003Core.job
[2010/11/21 16:44:02 | 000,012,632 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\button_submit copy.jpg
[2010/11/20 21:49:57 | 000,137,080 | ---- | M] () -- E:\SEO-wordpress-tutorial.pdf
[2010/11/20 15:41:35 | 036,253,069 | ---- | M] () -- E:\40 Expensive Website Templates.zip
[2010/11/18 13:21:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/18 13:21:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/18 13:21:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/18 13:21:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/18 13:21:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/17 20:56:30 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\3.bmp
[2010/11/17 20:53:52 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\2.bmp
[2010/11/17 20:53:37 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\1.bmp
[2010/11/17 18:49:05 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Google Talk Received Files.lnk
[2010/11/16 15:49:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/16 15:17:10 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\WordPress For Dummies.lnk
[2010/11/16 11:18:27 | 000,027,648 | ---- | M] () -- E:\Q.P..doc
[2010/11/16 11:12:04 | 000,000,162 | -H-- | M] () -- E:\~$Q.P..doc
[2010/11/15 20:57:54 | 000,633,856 | ---- | M] () -- E:\ADSense Trick 2009 Gold Edition.doc
[2010/11/15 14:08:18 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\PROFILES.doc
[2010/11/15 14:05:05 | 000,508,160 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Kingslay admission form.pdf
[2010/11/14 16:41:02 | 067,017,157 | ---- | M] () -- E:\Adsense Business In A Box + Software + Master Resale Wrights.zip
[2010/11/14 16:28:02 | 001,862,462 | ---- | M] () -- E:\Adsense SECRET - Profit In Less Than 5 Minutes.zip
[2010/11/14 16:19:28 | 000,002,369 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Auto Post Blog.lnk
[2010/11/14 16:18:57 | 000,001,060 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shortcut to Blogspot Auto Poster Demo.exe.lnk
[2010/11/14 14:42:58 | 001,454,136 | ---- | M] () -- E:\BlogAutoPoster.exe
[2010/11/14 14:00:00 | 000,590,252 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\kingslay.swf
[2010/11/12 18:17:03 | 000,297,757 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\ks1.swf
[2010/11/12 16:48:34 | 000,990,208 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASH.fla
[2010/11/12 15:52:31 | 000,276,563 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\ks.swf
[2010/11/12 14:42:21 | 000,255,184 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefdep.swf
[2010/11/12 14:20:58 | 000,255,199 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefa.swf
[2010/11/12 14:13:23 | 000,255,197 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHcheff.swf
[2010/11/12 14:03:43 | 000,255,262 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchef.swf
[2010/11/11 12:14:31 | 011,708,527 | ---- | M] () -- E:\deliveryreports_part11.pdf
[2010/11/11 12:11:00 | 000,036,433 | ---- | M] () -- E:\deliveryreports_part22.pdf
[2010/11/11 12:06:25 | 013,773,484 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part11.xls
[2010/11/11 11:51:48 | 000,008,780 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part22.xls
[2010/11/04 19:26:01 | 009,578,256 | ---- | M] () -- E:\final airtel data.xlsx
[2010/11/04 17:27:57 | 000,000,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/11/01 12:51:52 | 426,393,088 | ---- | M] () -- E:\29octdatadnt.xls
[2010/10/30 16:42:19 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\HijackThis.lnk
[2010/10/30 16:39:49 | 000,016,244 | ---- | M] () -- C:\WINDOWS\System32\rrt_is.wav
[2010/10/30 16:39:49 | 000,007,302 | ---- | M] () -- C:\WINDOWS\System32\rrt_vf.wav
[2010/10/30 16:39:49 | 000,007,148 | ---- | M] () -- C:\WINDOWS\System32\rrt_tv.wav
[2010/10/30 16:39:49 | 000,006,282 | ---- | M] () -- C:\WINDOWS\System32\rrt_tn.wav
[2010/10/30 14:46:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/10/30 14:41:24 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\$_hpcst$.hpc
[2010/10/30 14:04:38 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Shortcut to metamorph_wavesandstars.lnk
[2010/10/29 11:03:38 | 000,277,887 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\FLASH.swf
[2010/10/29 10:51:45 | 000,016,353 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\image86.gif
[2010/10/28 18:47:50 | 000,105,472 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Course Details.doc
[2010/10/28 17:43:25 | 000,012,742 | RHS- | M] () -- E:\Winsys64.vbs
[2010/10/28 17:43:25 | 000,012,742 | RHS- | M] () -- C:\WINDOWS\Winsys64.vbs
[2010/10/28 17:43:25 | 000,000,102 | RHS- | M] () -- E:\autorun.inf
[2010/10/28 11:37:25 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/10/28 10:29:40 | 000,042,865 | ---- | M] () -- C:\WINDOWS\FontData.fdb
[1 C:\Documents and Settings\Rudra\*.tmp files -> C:\Documents and Settings\Rudra\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/23 12:30:07 | 000,092,862 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-23.json
[2010/11/23 12:11:07 | 000,694,756 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\site_flash.zip
[2010/11/23 12:03:57 | 001,224,671 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller (1).zip
[2010/11/23 11:51:47 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\erunt.zip
[2010/11/23 11:46:15 | 000,166,298 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~20090507045844_2.swf
[2010/11/23 10:57:57 | 001,224,671 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller.zip
[2010/11/22 21:09:08 | 021,831,720 | ---- | C] () -- E:\18 Powerful SEO Videos.zip
[2010/11/22 19:05:27 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Rudra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/22 18:48:55 | 000,014,951 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\backup.html
[2010/11/22 18:44:43 | 000,000,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/22 16:18:14 | 000,092,862 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-22.json
[2010/11/21 16:46:05 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/11/21 16:44:01 | 000,012,632 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\button_submit copy.jpg
[2010/11/20 21:49:43 | 000,137,080 | ---- | C] () -- E:\SEO-wordpress-tutorial.pdf
[2010/11/20 15:29:12 | 036,253,069 | ---- | C] () -- E:\40 Expensive Website Templates.zip
[2010/11/17 20:56:30 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\3.bmp
[2010/11/17 20:53:51 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\2.bmp
[2010/11/17 20:52:18 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\1.bmp
[2010/11/17 18:49:05 | 000,000,247 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Google Talk Received Files.lnk
[2010/11/16 15:15:59 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\WordPress For Dummies.lnk
[2010/11/16 11:12:04 | 000,000,162 | -H-- | C] () -- E:\~$Q.P..doc
[2010/11/16 11:12:03 | 000,027,648 | ---- | C] () -- E:\Q.P..doc
[2010/11/15 20:55:55 | 000,633,856 | ---- | C] () -- E:\ADSense Trick 2009 Gold Edition.doc
[2010/11/15 14:08:17 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\PROFILES.doc
[2010/11/15 14:04:55 | 000,508,160 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Kingslay admission form.pdf
[2010/11/14 16:22:42 | 001,862,462 | ---- | C] () -- E:\Adsense SECRET - Profit In Less Than 5 Minutes.zip
[2010/11/14 16:18:57 | 000,001,060 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shortcut to Blogspot Auto Poster Demo.exe.lnk
[2010/11/14 15:57:32 | 067,017,157 | ---- | C] () -- E:\Adsense Business In A Box + Software + Master Resale Wrights.zip
[2010/11/14 15:33:07 | 000,002,369 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Auto Post Blog.lnk
[2010/11/14 14:40:21 | 001,454,136 | ---- | C] () -- E:\BlogAutoPoster.exe
[2010/11/14 13:59:32 | 000,590,252 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\kingslay.swf
[2010/11/12 18:17:01 | 000,297,757 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\ks1.swf
[2010/11/12 16:48:06 | 000,990,208 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASH.fla
[2010/11/12 15:52:30 | 000,276,563 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\ks.swf
[2010/11/12 14:42:20 | 000,255,184 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefdep.swf
[2010/11/12 14:20:57 | 000,255,199 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefa.swf
[2010/11/12 14:13:22 | 000,255,197 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHcheff.swf
[2010/11/12 13:02:00 | 000,255,262 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchef.swf
[2010/11/11 12:14:32 | 011,708,527 | ---- | C] () -- E:\deliveryreports_part11.pdf
[2010/11/11 12:10:58 | 000,036,433 | ---- | C] () -- E:\deliveryreports_part22.pdf
[2010/11/11 12:06:12 | 013,773,484 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part11.xls
[2010/11/11 11:51:47 | 000,008,780 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part22.xls
[2010/11/04 19:25:35 | 009,578,256 | ---- | C] () -- E:\final airtel data.xlsx
[2010/10/30 20:30:41 | 426,393,088 | ---- | C] () -- E:\29octdatadnt.xls
[2010/10/30 16:42:19 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\HijackThis.lnk
[2010/10/30 16:39:49 | 000,016,244 | ---- | C] () -- C:\WINDOWS\System32\rrt_is.wav
[2010/10/30 16:39:49 | 000,007,302 | ---- | C] () -- C:\WINDOWS\System32\rrt_vf.wav
[2010/10/30 16:39:49 | 000,007,148 | ---- | C] () -- C:\WINDOWS\System32\rrt_tv.wav
[2010/10/30 16:39:49 | 000,006,282 | ---- | C] () -- C:\WINDOWS\System32\rrt_tn.wav
[2010/10/30 14:41:24 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Rudra\Application Data\$_hpcst$.hpc
[2010/10/30 14:04:38 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Shortcut to metamorph_wavesandstars.lnk
[2010/10/29 11:10:13 | 006,568,994 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\only chef.cdr
[2010/10/29 10:51:45 | 000,016,353 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\image86.gif
[2010/10/29 10:46:11 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Course Details.doc
[2010/10/29 10:33:29 | 000,277,887 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\FLASH.swf
[2010/10/28 17:43:25 | 000,012,742 | RHS- | C] () -- E:\Winsys64.vbs
[2010/10/28 17:43:25 | 000,012,742 | RHS- | C] () -- C:\WINDOWS\Winsys64.vbs
[2010/10/28 17:43:25 | 000,000,102 | RHS- | C] () -- E:\autorun.inf
[2010/10/11 11:28:18 | 000,000,062 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2010/10/11 11:28:18 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2010/10/11 11:28:18 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2010/09/20 17:32:15 | 000,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2010/09/20 13:48:29 | 000,000,421 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/09/01 22:09:05 | 001,013,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/23 12:05:24 | 000,000,119 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/05 20:35:46 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/07/13 02:20:09 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/07/11 05:07:54 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/07/08 09:13:38 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/07/08 09:13:38 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\28BF592721.sys
[2010/07/08 07:19:49 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\Rudra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/07 04:51:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/06 19:52:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/06 15:41:13 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2004/08/04 10:26:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 21:06:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1996/04/04 01:03:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/07/07 06:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/04 18:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/10/30 14:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/18 20:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/10/04 17:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2010/07/07 04:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/11/22 18:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/23 11:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/04 18:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Aleo Software
[2010/11/22 22:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\BitTorrent
[2010/08/03 11:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\CoreFTP
[2010/10/06 12:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\CrystalButton
[2010/09/27 09:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Dropbox
[2010/08/29 14:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Excel_Application
[2010/08/27 16:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Green Parrots Software
[2010/10/30 14:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\PC Suite
[2010/08/18 20:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\PlayFirst
[2010/08/18 23:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Playrix Entertainment
[2010/11/23 11:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\PriceGong
[2010/11/09 17:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Samsung
[2010/07/10 01:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\TeamViewer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C1EFF69
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5

< End of report >

Edited by prince kapoor, 23 November 2010 - 01:16 AM.

#2
RKinner

    Malware Expert

Copy the text in the code box below by highlighting and then Ctrl + c :

:Services
XMail
HidServ
szkgfs
szkg5
is3srv
FsUsbExDisk

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\acquia-drupal\xmail\XMail.exe -- (XMail)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\is3srv.sys -- (is3srv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\FsUsbExDisk.SYS -- (FsUsbExDisk)
FF - prefs.js..network.proxy.type: 4
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O32 - AutoRun File - [2010/10/28 17:43:25 | 000,000,102 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/28 17:43:25 | 000,000,102 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/28 17:43:25 | 000,000,102 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/28 17:43:26 | 000,000,102 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/28 17:43:26 | 000,000,102 | RHS- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0ea1741c-e369-11df-843a-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{0ea1741c-e369-11df-843a-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{11551852-e64e-11df-8443-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{11551852-e64e-11df-8443-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19db9e4c-e3f6-11df-843c-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{19db9e4c-e3f6-11df-843c-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ffebf5e-e70f-11df-8444-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{1ffebf5e-e70f-11df-8444-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2030cfd0-c941-11df-83dd-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{2030cfd0-c941-11df-83dd-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2030cfd0-c941-11df-83dd-00241d9707c0}\Shell\AutoRun\command - "" = K:\.\ShowModem.exe -- File not found
O33 - MountPoints2\{25006214-e59d-11df-8440-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{25006214-e59d-11df-8440-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5880ee27-e572-11df-843f-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{5880ee27-e572-11df-843f-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ff1220f-9298-11df-82ca-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{9ff1220f-9298-11df-82ca-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c0a1b4e2-f2d2-11df-8464-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{c0a1b4e2-f2d2-11df-8464-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c0a1b4f1-f2d2-11df-8464-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{c0a1b4f1-f2d2-11df-8464-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c0a1b50d-f2d2-11df-8464-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{c0a1b50d-f2d2-11df-8464-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc589f72-e28b-11df-8436-00241d9707c0}\Shell - "" = AutoRun
O33 - MountPoints2\{dc589f72-e28b-11df-8436-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
[2010/10/28 17:43:25 | 000,012,742 | RHS- | C] () -- E:\Winsys64.vbs
[2010/10/28 17:43:25 | 000,012,742 | RHS- | C] () -- C:\WINDOWS\Winsys64.vbs
[2010/10/28 17:43:25 | 000,000,102 | RHS- | C] () -- E:\autorun.inf

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings]
"Timeout"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NofolderOptions"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]
"SysDll33"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"= "1"


Run OTL and paste the above in the box where it says Custom Scans/Fixes. Verify that you got it all then hit RUN FIX.

Copy and paste the log it creates into a Reply.

Uninstall the
ask.com toolbar (foistware)
and utorrent (Dangerous to use. P2P files are often the source of infections)

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder; it will help protect your drives from future infection.

Download and install Autorun Eater 2.5
http://www.softpedia...run-Eater.shtml

This is a small program that will stay resident and prevent infected USB devices from infecting your PC again.

Turn off or Pause your Antivirus.

Download Combofix from any of the links below but rename it to george.exe before saving it to your desktop.

Link 1
Link 2
Link 3


==================================


Double click on george.exe & follow the prompts. Allow it to install the Recovery Console. It may need to reboot.
  • When finished, it will produce a report for you.
  • Please post the report which can also be found at:C:\ComboFix.txt

Turn your anti-virus back on.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Run OTL and press the QuickScan button and post the log.

Ron
  • 0
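The fix above removes four kinds of entries from the OTL log: services whose binary is gone, the Firefox proxy pref, the Conduit BHO/toolbar pair, autorun.inf files with their MountPoints2 AutoRun handlers, and the hidden Winsys64.vbs. As an added example that is not part of the thread and not OTL's or RKinner's own code, the Python below parses those OTL line formats, flags the same categories, and drafts the :Services and :OTL sections of a fix in the layout used above; the vendor review list, the proxy-mode rule and the aswSP driver line are constructed assumptions, and :reg entries are left to the analyst.

```python
"""Triage an OTL (OldTimer) scan log and draft the matching fix script.

Added example for this thread, not OTL's code. Sample lines are copied from the
log quoted above, except the aswSP driver line, which is constructed so the
filter has a legitimate entry to skip.
"""
import re

# Constructed review list: add-on vendors the thread's fix removed.
REVIEW_VENDORS = {"Conduit Ltd."}

SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- C:\Program Files\acquia-drupal\xmail\XMail.exe -- (XMail)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010/07/21 12:52:00 | 000,165,584 | ---- | M] (constructed benign line) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
FF - prefs.js..network.proxy.type: 4
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O32 - AutoRun File - [2010/10/28 17:43:25 | 000,000,102 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2030cfd0-c941-11df-83dd-00241d9707c0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2030cfd0-c941-11df-83dd-00241d9707c0}\Shell\AutoRun\command - "" = K:\.\ShowModem.exe -- File not found
[2010/10/28 17:43:25 | 000,012,742 | RHS- | C] () -- C:\WINDOWS\Winsys64.vbs
"""

# Service/driver whose image is missing; the trailing (name) is the service key.
ORPHAN_RE = re.compile(r"^(?:SRV|DRV) - File not found .*-- \((?P<name>[^()]+)\)$")
PROXY_RE = re.compile(r"^FF - prefs\.js\.\.network\.proxy\.type: (?P<mode>\d+)$")
# O2 (BHO) and O3 (toolbar) lines end with the signer/vendor in parentheses.
ADDON_RE = re.compile(r"^O[23] - .*\((?P<vendor>[^()]*)\)\s*$")
AUTORUN_RE = re.compile(r"^O32 - AutoRun File - \[(?P<meta>[^\]]*)\] \(\) - (?P<path>.+?) -- ")
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# Plain file entries: [date | size | attrs | M/C] () -- path
HIDDEN_RE = re.compile(r"^\[(?P<meta>[^\]]*)\] \(\) -- (?P<path>.+\.(?:vbs|js|exe|bat|cmd|scr))$", re.I)


def _hidden_system(meta):
    """OTL's attribute column is the third '|' field, e.g. 'RHS-' (read-only, hidden, system)."""
    cols = [c.strip() for c in meta.split("|")]
    attrs = cols[2] if len(cols) > 2 else ""
    return "H" in attrs and "S" in attrs


def triage(log_text):
    """Return findings as dicts with category, detail and the original log line."""
    findings, seen_guids = [], set()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := ORPHAN_RE.match(line):
            findings.append({"category": "orphan-service", "detail": m["name"], "line": line})
        elif m := PROXY_RE.match(line):
            # Assumption: 0 = direct, 5 = system settings; anything else routes
            # browsing through a proxy or PAC the user did not configure.
            if m["mode"] not in ("0", "5"):
                findings.append({"category": "proxy-mode", "detail": m["mode"], "line": line})
        elif m := ADDON_RE.match(line):
            if m["vendor"] in REVIEW_VENDORS:
                findings.append({"category": "bho-toolbar", "detail": m["vendor"], "line": line})
        elif m := AUTORUN_RE.match(line):
            # The fix removes every autorun.inf on a fixed partition; RHS attributes
            # (as on the sample) are the usual sign of a USB worm dropping it.
            findings.append({"category": "autorun-inf", "detail": m["path"], "line": line})
        elif m := MOUNT_RE.match(line):
            # One line per MountPoints2 GUID is enough: OTL deletes the whole key.
            if m["guid"].lower() not in seen_guids:
                seen_guids.add(m["guid"].lower())
                findings.append({"category": "mountpoint-autorun", "detail": m["guid"], "line": line})
        elif (m := HIDDEN_RE.match(line)) and _hidden_system(m["meta"]):
            findings.append({"category": "hidden-script", "detail": m["path"], "line": line})
    return findings


def build_fix(findings):
    """Draft the :Services and :OTL sections in the layout the thread's fix uses."""
    services = [f["detail"] for f in findings if f["category"] == "orphan-service"]
    otl_lines = [f["line"] for f in findings]
    sections = []
    if services:
        sections.append(":Services\n" + "\n".join(services))
    if otl_lines:
        sections.append(":OTL\n" + "\n".join(otl_lines))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f['category']}] {f['detail']}")
    print()
    print(build_fix(found))
```

Paste a full OTL.txt into triage() to get a draft; the draft is a starting point for review, not a substitute for reading the whole log.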

#3
prince kapoor

prince kapoor

    Member

  • Topic Starter
  • Member
  • 14 posts
Hi RKinner,
OTL custom scan log goes here:

========== SERVICES/DRIVERS ==========
Service XMail stopped successfully!
Service XMail deleted successfully!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Service szkgfs stopped successfully!
Service szkgfs deleted successfully!
Service szkg5 stopped successfully!
Service szkg5 deleted successfully!
Service is3srv stopped successfully!
Service is3srv deleted successfully!
Service FsUsbExDisk stopped successfully!
Service FsUsbExDisk deleted successfully!
========== OTL ==========
Error: No service named XMail was found to stop!
Service\Driver key XMail not found.
File C:\Program Files\acquia-drupal\xmail\XMail.exe not found.
Error: No service named HidServ was found to stop!
Service\Driver key HidServ not found.
File C:\WINDOWS\System32\hidserv.dll not found.
Error: No service named szkgfs was found to stop!
Service\Driver key szkgfs not found.
File C:\WINDOWS\System32\drivers\szkgfs.sys not found.
Error: No service named szkg5 was found to stop!
Service\Driver key szkg5 not found.
File C:\WINDOWS\System32\DRIVERS\szkg.sys not found.
Error: No service named is3srv was found to stop!
Service\Driver key is3srv not found.
File C:\WINDOWS\System32\drivers\is3srv.sys not found.
Error: No service named FsUsbExDisk was found to stop!
Service\Driver key FsUsbExDisk not found.
File C:\WINDOWS\System32\FsUsbExDisk.SYS not found.
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.
C:\Program Files\BitTorrentBar\tbBitT.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
File C:\Program Files\BitTorrentBar\tbBitT.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
File C:\Program Files\BitTorrentBar\tbBitT.dll not found.
File D:\autorun.inf not found.
File E:\autorun.inf not found.
File F:\autorun.inf not found.
File G:\autorun.inf not found.
File H:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ea1741c-e369-11df-843a-00241d9707c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ea1741c-e369-11df-843a-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ea1741c-e369-11df-843a-00241d9707c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ea1741c-e369-11df-843a-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11551852-e64e-11df-8443-00241d9707c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11551852-e64e-11df-8443-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11551852-e64e-11df-8443-00241d9707c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11551852-e64e-11df-8443-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19db9e4c-e3f6-11df-843c-00241d9707c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19db9e4c-e3f6-11df-843c-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19db9e4c-e3f6-11df-843c-00241d9707c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19db9e4c-e3f6-11df-843c-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ffebf5e-e70f-11df-8444-00241d9707c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ffebf5e-e70f-11df-8444-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ffebf5e-e70f-11df-8444-00241d9707c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ffebf5e-e70f-11df-8444-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2030cfd0-c941-11df-83dd-00241d9707c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2030cfd0-c941-11df-83dd-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2030cfd0-c941-11df-83dd-00241d9707c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2030cfd0-c941-11df-83dd-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2030cfd0-c941-11df-83dd-00241d9707c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2030cfd0-c941-11df-83dd-00241d9707c0}\ not found.
File K:\.\ShowModem.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25006214-e59d-11df-8440-00241d9707c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25006214-e59d-11df-8440-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25006214-e59d-11df-8440-00241d9707c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25006214-e59d-11df-8440-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5880ee27-e572-11df-843f-00241d9707c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5880ee27-e572-11df-843f-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5880ee27-e572-11df-843f-00241d9707c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5880ee27-e572-11df-843f-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ff1220f-9298-11df-82ca-00241d9707c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ff1220f-9298-11df-82ca-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ff1220f-9298-11df-82ca-00241d9707c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ff1220f-9298-11df-82ca-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0a1b4e2-f2d2-11df-8464-00241d9707c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0a1b4e2-f2d2-11df-8464-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0a1b4e2-f2d2-11df-8464-00241d9707c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0a1b4e2-f2d2-11df-8464-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0a1b4f1-f2d2-11df-8464-00241d9707c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0a1b4f1-f2d2-11df-8464-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0a1b4f1-f2d2-11df-8464-00241d9707c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0a1b4f1-f2d2-11df-8464-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0a1b50d-f2d2-11df-8464-00241d9707c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0a1b50d-f2d2-11df-8464-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0a1b50d-f2d2-11df-8464-00241d9707c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0a1b50d-f2d2-11df-8464-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc589f72-e28b-11df-8436-00241d9707c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc589f72-e28b-11df-8436-00241d9707c0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc589f72-e28b-11df-8436-00241d9707c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc589f72-e28b-11df-8436-00241d9707c0}\ not found.
File E:\Winsys64.vbs not found.
File C:\WINDOWS\Winsys64.vbs not found.
File E:\autorun.inf not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\\Timeout deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NofolderOptions not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\SysDll33 not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"| "1" /E : value set successfully!

OTL by OldTimer - Version 3.2.17.3 log created on 11232010_203236



I wasn't able to find "ask toolbar" anywhere on the PC.
uTorrent is also not on my PC.


Flash_Disinfector.exe is not working on my PC. I tried to open it but it's not working. :D


Installed Autorun Eater successfully.

ComboFix log goes here:

ComboFix 10-11-22.05 - Rudra 23/11/2010 20:48:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1394 [GMT 5.5:30]
Running from: c:\documents and settings\Rudra\Desktop\george.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rudra\Application Data\PriceGong
c:\documents and settings\Rudra\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Rudra\Application Data\PriceGong\Data\z.xml
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\ChilkatMail_v7_9.dll
c:\windows\system32\Ijl11.dll
c:\windows\system32\rrt_is.wav
c:\windows\system32\rrt_tn.wav
c:\windows\system32\rrt_tv.wav
c:\windows\system32\rrt_vf.wav
c:\windows\system32\WINWORD.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-23 15:09 . 2010-11-23 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2010-11-23 15:09 . 2010-11-23 15:09 -------- d-----w- c:\program files\Autorun Eater
2010-11-23 15:02 . 2010-11-23 15:02 -------- d-----w- C:\_OTL
2010-11-23 10:37 . 2010-11-23 10:37 -------- d-----w- c:\program files\VaxTech
2010-11-23 06:24 . 2010-11-23 06:24 -------- d-----w- C:\_OTM
2010-11-22 16:32 . 2010-11-22 16:33 -------- d-----w- c:\windows\system32\NtmsData
2010-11-22 15:37 . 2010-11-23 05:37 -------- d-----w- c:\documents and settings\Rudra\Local Settings\Application Data\Conduit
2010-11-22 15:37 . 2010-11-22 15:37 -------- d-----w- c:\program files\Conduit
2010-11-22 15:37 . 2010-11-23 05:37 -------- d-----w- c:\documents and settings\Rudra\Local Settings\Application Data\BitTorrentBar
2010-11-22 15:37 . 2010-11-23 15:02 -------- d-----w- c:\program files\BitTorrentBar
2010-11-22 10:46 . 2010-11-22 10:46 -------- d-----w- c:\program files\Common Files\iS3
2010-11-22 10:46 . 2010-11-22 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-11-21 11:30 . 2010-11-21 11:40 21688030 ----a-w- c:\documents and settings\Rudra\video_21-11-2010(17.00.27).tmp
2010-11-21 11:16 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-18 07:52 . 2010-11-18 07:52 -------- d-----w- c:\program files\Common Files\Java
2010-11-18 07:51 . 2010-11-18 07:51 -------- d-----w- c:\windows\Sun
2010-11-18 07:51 . 2010-11-18 07:51 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-18 07:51 . 2010-11-18 07:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-18 07:51 . 2010-11-18 07:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 07:51 . 2010-11-18 07:51 -------- d-----w- c:\program files\Java
2010-11-14 10:48 . 2010-11-14 10:48 -------- d-----w- c:\program files\SUPER NOVA
2010-11-14 10:03 . 2010-11-14 10:03 -------- d-----w- c:\program files\Ipiya
2010-11-12 11:56 . 2007-02-20 10:34 190696 ----a-w- c:\program files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe
2010-11-12 11:56 . 2007-02-20 10:34 2463976 ----a-w- c:\program files\Mozilla Firefox\plugins\NPSWF32.dll
2010-11-12 08:23 . 2010-11-12 08:23 -------- d-----w- c:\program files\Bonjour
2010-11-12 08:15 . 2010-11-12 08:15 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-10-30 11:12 . 2010-10-30 11:12 -------- d-----w- c:\program files\Trend Micro
2010-10-30 11:11 . 2010-10-30 11:11 -------- d-----w- C:\RRTVAULT
2010-10-30 09:52 . 2004-08-04 04:56 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-10-30 09:18 . 2010-10-30 09:18 -------- d-----w- c:\documents and settings\Rudra\Application Data\PC Suite
2010-10-30 09:18 . 2010-10-30 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-10-30 09:14 . 2007-05-02 11:01 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-10-30 09:14 . 2007-09-17 10:23 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-10-30 09:12 . 2009-03-20 04:31 90112 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2010-10-30 09:12 . 2009-03-20 04:31 14976 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2010-10-30 09:12 . 2009-03-20 04:31 121856 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2010-10-30 09:12 . 2009-03-20 04:31 12160 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2010-10-30 09:12 . 2009-03-20 04:31 12160 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2010-10-30 09:12 . 2009-03-20 04:31 12160 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2010-10-30 09:12 . 2009-03-20 04:31 12160 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2010-10-30 09:11 . 2010-10-30 09:16 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-10-30 09:11 . 2010-10-30 09:11 -------- d-----w- c:\program files\DIFX
2010-10-30 09:11 . 2010-11-09 12:02 -------- d-----w- c:\documents and settings\Rudra\Application Data\Samsung
2010-10-30 09:10 . 2010-11-09 12:00 -------- d-----w- c:\program files\PC Connectivity Solution
2010-10-30 09:09 . 2010-11-22 06:47 -------- d-----w- c:\program files\Samsung
2010-10-28 06:15 . 2010-10-28 06:15 -------- d-----w- c:\documents and settings\Rudra\Local Settings\Application Data\Help
2010-10-28 06:09 . 2010-10-28 06:07 720896 ----a-w- c:\windows\iun6002.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 10:20 . 2010-09-26 10:20 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2010-09-26 10:19 . 2010-09-26 10:19 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2010-09-26 10:18 . 2010-09-26 10:18 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-09-20 10:01 . 2010-07-08 03:43 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-09-20 10:01 . 2010-07-08 03:43 88 --sh--r- c:\documents and settings\All Users\Application Data\28BF592721.sys
2010-09-10 18:11 . 2010-09-10 18:11 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-10 18:10 . 2010-09-10 18:10 91560 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-10 18:10 . 2010-09-10 18:10 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-10 18:10 . 2010-09-10 18:10 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-10 18:10 . 2010-09-10 18:10 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-07 15:12 . 2010-07-21 07:37 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-07-21 07:21 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-07-21 07:22 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-07-21 07:22 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-07-21 07:22 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-07-21 07:22 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-07-21 07:22 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-07-21 07:22 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-07-21 07:22 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-07-06 2803200]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 17:37 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-22 23:17 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:56 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIMDownloading your update...1285781003180]
2010-01-13 11:41 95592 ----a-w- c:\program files\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2010-07-06 23:18 2803200 ----a-w- c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-09 18:56 136176 ----atw- c:\documents and settings\Rudra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:17 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-11-24 22:30 173592 ----a-r- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-11-24 22:30 141336 ----a-r- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-19 11:57 5248312 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotiveReportAgent]
2010-08-10 10:20 202240 ----a-w- c:\program files\Common Files\Motive\McciBootStrapper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-11-24 22:30 141336 ----a-r- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-09 23:45 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 12:34 2879488 ----a-w- c:\windows\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"h:\\SOFTWARES\\Tally\\tally9.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21/07/2010 12:52 PM 165584]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/09/2010 11:40 PM 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/09/2010 11:40 PM 25240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/07/2010 12:52 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/07/2010 6:07 AM 136176]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [30/10/2010 2:42 PM 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [30/10/2010 2:42 PM 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [30/10/2010 2:42 PM 121856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 00:37]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 00:37]

2010-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003Core.job
- c:\documents and settings\Rudra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-09 18:56]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003UA.job
- c:\documents and settings\Rudra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-09 18:56]
.
.
------- Supplementary Scan -------
.
TCP: {1BA601DE-2A76-4CB3-ACB7-9CE6EC5EFDC8} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - prefs.js: network.proxy.type -
FF - component: c:\documents and settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\documents and settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\Rudra\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 20:54
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(848)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(900)
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Autorun Eater\billy.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-23 21:01:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-23 15:30

Pre-Run: 2,690,355,200 bytes free
Post-Run: 2,551,320,576 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - EBC6A685C7BC1BADBCA37804DB23345F

MBAM LOG FILE GOES HERE:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5176

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

23/11/2010 9:18:33 PM
mbam-log-2010-11-23 (21-18-33).txt

Scan type: Quick scan
Objects scanned: 148910
Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minbho.showbarobj (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minbho.showbarobj.1 (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1d4db7d1-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

THE FINAL OTL LOG FILE GOES HERE:

OTL logfile created on: 23/11/2010 9:21:32 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Rudra\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 2.40 Gb Free Space | 16.36% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 12.90 Gb Free Space | 26.42% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 19.63 Gb Free Space | 40.20% Space Free | Partition Type: NTFS
Drive F: | 36.74 Gb Total Space | 19.69 Gb Free Space | 53.60% Space Free | Partition Type: NTFS
Drive G: | 15.63 Gb Total Space | 7.77 Gb Free Space | 49.70% Space Free | Partition Type: NTFS
Drive H: | 29.29 Gb Total Space | 3.91 Gb Free Space | 13.33% Space Free | Partition Type: NTFS

Computer Name: ADHUNIK-ECD7422 | User Name: Rudra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/23 12:31:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
PRC - [2010/11/04 20:34:51 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/11/04 20:34:50 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/17 10:43:42 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/09/07 20:42:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/07 04:48:46 | 002,803,200 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010/05/06 19:09:06 | 000,415,638 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2010/05/06 18:59:36 | 000,516,216 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2004/08/04 10:26:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/23 12:31:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
MOD - [2010/09/10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2004/08/04 10:27:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/12 13:45:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\george\catchme.sys -- (catchme)
DRV - [2010/09/10 23:40:54 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/09/10 23:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/09/10 23:40:52 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/09/07 20:22:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 20:22:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 20:17:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 20:17:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 20:17:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 20:16:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/11/03 23:16:34 | 006,273,504 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/10/30 18:44:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/13 22:59:04 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/02/13 22:59:04 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/09/24 18:58:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/12 19:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [1996/04/04 01:03:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "www.google-feed.net"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: search@helper:8.17
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.9.2
FF - prefs.js..keyword.URL: "http://www.veerboo.c...results.php?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/06 15:45:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/12 17:26:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 13:21:47 | 000,000,000 | ---D | M]

[2010/07/07 05:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Extensions
[2010/11/23 21:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions
[2010/08/03 22:05:08 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/11/22 15:37:56 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/11/15 11:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\[email protected]
[2010/11/22 16:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\SearchHelper
[2010/10/07 10:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\[email protected]
[2010/07/19 11:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\[email protected]
[2010/08/05 10:34:01 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\searchplugins\askcom.xml
[2010/07/11 06:20:51 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\searchplugins\mywebsearch.xml
[2010/11/23 21:07:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/18 13:21:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/18 13:21:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/02/20 16:04:02 | 002,463,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2010/11/23 20:54:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rudra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rudra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/07 03:01:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/23 21:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\Malwarebytes
[2010/11/23 21:08:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/23 21:08:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/23 21:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/23 21:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/23 21:04:05 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rudra\Desktop\mbam-setup-1.46.exe
[2010/11/23 20:48:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/23 20:45:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/23 20:45:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/23 20:45:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/23 20:45:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/23 20:45:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/23 20:44:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/23 20:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2010/11/23 20:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2010/11/23 20:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\aesetup2.5
[2010/11/23 20:32:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/23 16:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\VaxTech
[2010/11/23 12:31:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
[2010/11/23 12:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\site_flash
[2010/11/23 12:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\tdsskiller (1)
[2010/11/23 12:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\GooredFix Backups
[2010/11/23 12:02:48 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Rudra\Desktop\GooredFix.exe
[2010/11/23 11:54:06 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/11/23 11:53:02 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTM.exe
[2010/11/23 11:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\erunt
[2010/11/23 10:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\tdsskiller
[2010/11/22 22:02:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/11/22 21:29:20 | 000,000,000 | ---D | C] -- E:\Just Enough Web Programming with XHTML, PHP, and MySQL [CuPpY]
[2010/11/22 21:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/22 21:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\Conduit
[2010/11/22 21:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\BitTorrentBar
[2010/11/22 21:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010/11/22 21:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\ConduitEngine
[2010/11/22 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrentBar
[2010/11/22 20:55:03 | 000,000,000 | ---D | C] -- E:\GTA
[2010/11/22 20:19:34 | 000,000,000 | ---D | C] -- E:\database
[2010/11/22 16:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/11/22 16:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/21 16:46:47 | 000,000,000 | ---D | C] -- E:\TutsPlus - WordPress as a CMS
[2010/11/20 15:42:46 | 000,000,000 | ---D | C] -- E:\be 1 on google
[2010/11/20 14:51:23 | 000,000,000 | ---D | C] -- E:\CSS.Amazing.Website.Templates.Pack.0001-LegalTorrents
[2010/11/19 10:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\deepti 19 nov 2010
[2010/11/18 13:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/18 13:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/18 13:21:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/11/18 13:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/18 13:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\Sun
[2010/11/18 11:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\New Folder
[2010/11/17 18:49:05 | 000,000,000 | ---D | C] -- E:\Google Talk Received Files
[2010/11/15 21:27:58 | 000,000,000 | ---D | C] -- E:\How To Develop Money-Making Sites With Wordpress & Article Marketing
[2010/11/15 20:37:41 | 000,000,000 | ---D | C] -- E:\WordPress For Dummies 2nd Ed~tqw~_darksiderg
[2010/11/14 16:49:44 | 000,000,000 | ---D | C] -- E:\Adsense Business In A Box + Software + Master Resale Wrights
[2010/11/14 16:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPER NOVA
[2010/11/14 15:56:01 | 000,000,000 | ---D | C] -- E:\Google Adsense
[2010/11/14 15:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ipiya
[2010/11/13 15:28:37 | 000,000,000 | ---D | C] -- E:\PHP 5 For Dummies [Dark Demon] [h33t]
[2010/11/13 11:40:50 | 000,000,000 | ---D | C] -- E:\PHP & MySQL For Dummies, 2nd Edition - allfreebooks.tk
[2010/11/12 13:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/12 13:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/11/11 12:14:56 | 000,000,000 | ---D | C] -- E:\PDF
[2010/11/09 17:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\My Documents
[2010/11/09 17:36:58 | 000,000,000 | ---D | C] -- E:\Flash Slideshow Maker Professional
[2010/11/09 14:16:55 | 000,000,000 | ---D | C] -- E:\Java 2 - The Complete Reference (5th Edition)
[2010/11/08 15:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\ringtone
[2010/11/08 15:36:36 | 000,000,000 | ---D | C] -- E:\CrystalButton
[2010/11/08 14:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\ap
[2010/11/06 18:47:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rudra\Recent
[2010/10/30 16:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/30 16:41:40 | 000,000,000 | ---D | C] -- C:\RRTVAULT
[2010/10/30 15:08:16 | 000,000,000 | ---D | C] -- E:\My Art
[2010/10/30 14:52:06 | 000,000,000 | ---D | C] -- E:\NPS
[2010/10/30 14:51:37 | 000,000,000 | R--D | C] -- E:\My Videos
[2010/10/30 14:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\PC Suite
[2010/10/30 14:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/10/30 14:44:31 | 000,090,624 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/10/30 14:44:25 | 000,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/10/30 14:42:20 | 000,121,856 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdm.sys
[2010/10/30 14:42:20 | 000,090,112 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bbus.sys
[2010/10/30 14:42:20 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwhnt.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwh.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcmnt.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcm.sys
[2010/10/30 14:41:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/10/30 14:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/10/30 14:41:49 | 000,000,000 | ---D | C] -- E:\My NPS Files
[2010/10/30 14:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\Samsung
[2010/10/30 14:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/10/30 14:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/10/28 18:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\Html
[2010/10/28 18:08:54 | 000,000,000 | ---D | C] -- E:\Downloads
[2010/10/28 18:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\prince
[2010/10/28 13:52:05 | 000,000,000 | ---D | C] -- E:\My Palettes
[2010/10/28 13:51:54 | 000,000,000 | ---D | C] -- E:\Corel
[2010/10/28 12:02:32 | 000,000,000 | ---D | C] -- E:\The KMPlayer
[2010/10/28 12:01:35 | 000,000,000 | R--D | C] -- E:\My Pictures
[2010/10/28 12:01:35 | 000,000,000 | R--D | C] -- E:\My Music
[2010/10/28 11:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\Help
[2010/10/28 11:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\Help
[2010/10/28 11:39:02 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[1 C:\Documents and Settings\Rudra\*.tmp files -> C:\Documents and Settings\Rudra\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/23 21:08:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/23 21:07:02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003UA.job
[2010/11/23 21:06:10 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rudra\Desktop\mbam-setup-1.46.exe
[2010/11/23 20:54:19 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/23 20:54:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/23 20:53:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/23 20:48:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/23 20:43:49 | 003,914,095 | R--- | M] () -- C:\Documents and Settings\Rudra\Desktop\george.exe
[2010/11/23 20:40:46 | 000,069,709 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Combofix-file197.html
[2010/11/23 20:39:34 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2010/11/23 20:39:04 | 001,364,101 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\aesetup2.5.zip
[2010/11/23 20:36:10 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Flash_Disinfector.exe
[2010/11/23 16:03:43 | 000,128,512 | ---- | M] () -- C:\Documents and Settings\Rudra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/23 15:49:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/23 15:49:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/23 12:31:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
[2010/11/23 12:30:08 | 000,092,862 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-23.json
[2010/11/23 12:11:11 | 000,694,756 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\site_flash.zip
[2010/11/23 12:04:14 | 001,224,671 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller (1).zip
[2010/11/23 12:02:48 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Rudra\Desktop\GooredFix.exe
[2010/11/23 11:53:02 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTM.exe
[2010/11/23 11:51:47 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\erunt.zip
[2010/11/23 11:46:22 | 000,166,298 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~20090507045844_2.swf
[2010/11/23 10:58:18 | 001,224,671 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller.zip
[2010/11/22 21:57:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/22 21:28:47 | 021,831,720 | ---- | M] () -- E:\18 Powerful SEO Videos.zip
[2010/11/22 20:07:36 | 000,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/22 19:05:27 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/22 18:48:56 | 000,014,951 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\backup.html
[2010/11/22 18:45:05 | 000,000,912 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/22 16:18:26 | 000,092,862 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-22.json
[2010/11/21 20:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003Core.job
[2010/11/21 16:44:02 | 000,012,632 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\button_submit copy.jpg
[2010/11/20 21:49:57 | 000,137,080 | ---- | M] () -- E:\SEO-wordpress-tutorial.pdf
[2010/11/20 15:41:35 | 036,253,069 | ---- | M] () -- E:\40 Expensive Website Templates.zip
[2010/11/17 20:56:30 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\3.bmp
[2010/11/17 20:53:52 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\2.bmp
[2010/11/17 20:53:37 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\1.bmp
[2010/11/17 18:49:05 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Google Talk Received Files.lnk
[2010/11/16 15:17:10 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\WordPress For Dummies.lnk
[2010/11/16 11:18:27 | 000,027,648 | ---- | M] () -- E:\Q.P..doc
[2010/11/16 11:12:04 | 000,000,162 | -H-- | M] () -- E:\~$Q.P..doc
[2010/11/15 20:57:54 | 000,633,856 | ---- | M] () -- E:\ADSense Trick 2009 Gold Edition.doc
[2010/11/15 14:05:05 | 000,508,160 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Kingslay admission form.pdf
[2010/11/14 16:41:02 | 067,017,157 | ---- | M] () -- E:\Adsense Business In A Box + Software + Master Resale Wrights.zip
[2010/11/14 16:28:02 | 001,862,462 | ---- | M] () -- E:\Adsense SECRET - Profit In Less Than 5 Minutes.zip
[2010/11/14 16:19:28 | 000,002,369 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Auto Post Blog.lnk
[2010/11/14 16:18:57 | 000,001,060 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shortcut to Blogspot Auto Poster Demo.exe.lnk
[2010/11/14 14:42:58 | 001,454,136 | ---- | M] () -- E:\BlogAutoPoster.exe
[2010/11/14 14:00:00 | 000,590,252 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\kingslay.swf
[2010/11/12 18:17:03 | 000,297,757 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\ks1.swf
[2010/11/12 16:48:34 | 000,990,208 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASH.fla
[2010/11/12 15:52:31 | 000,276,563 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\ks.swf
[2010/11/12 14:42:21 | 000,255,184 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefdep.swf
[2010/11/12 14:20:58 | 000,255,199 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefa.swf
[2010/11/12 14:13:23 | 000,255,197 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHcheff.swf
[2010/11/12 14:03:43 | 000,255,262 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchef.swf
[2010/11/11 12:14:31 | 011,708,527 | ---- | M] () -- E:\deliveryreports_part11.pdf
[2010/11/11 12:11:00 | 000,036,433 | ---- | M] () -- E:\deliveryreports_part22.pdf
[2010/11/11 12:06:25 | 013,773,484 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part11.xls
[2010/11/11 11:51:48 | 000,008,780 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part22.xls
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/04 19:26:01 | 009,578,256 | ---- | M] () -- E:\final airtel data.xlsx
[2010/11/04 17:27:57 | 000,000,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/11/01 12:51:52 | 426,393,088 | ---- | M] () -- E:\29octdatadnt.xls
[2010/10/30 16:42:19 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\HijackThis.lnk
[2010/10/30 14:46:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/10/30 14:41:24 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\$_hpcst$.hpc
[2010/10/30 14:04:38 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Shortcut to metamorph_wavesandstars.lnk
[2010/10/29 11:03:38 | 000,277,887 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\FLASH.swf
[2010/10/29 10:51:45 | 000,016,353 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\image86.gif
[2010/10/28 18:47:50 | 000,105,472 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Course Details.doc
[2010/10/28 11:37:25 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/10/28 10:29:40 | 000,042,865 | ---- | M] () -- C:\WINDOWS\FontData.fdb
[1 C:\Documents and Settings\Rudra\*.tmp files -> C:\Documents and Settings\Rudra\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/23 21:08:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/23 20:48:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/23 20:48:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/23 20:45:33 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/23 20:45:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/23 20:45:33 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/23 20:45:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/23 20:45:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/23 20:41:21 | 003,914,095 | R--- | C] () -- C:\Documents and Settings\Rudra\Desktop\george.exe
[2010/11/23 20:40:44 | 000,069,709 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Combofix-file197.html
[2010/11/23 20:39:34 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2010/11/23 20:38:42 | 001,364,101 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\aesetup2.5.zip
[2010/11/23 20:36:06 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Flash_Disinfector.exe
[2010/11/23 12:30:07 | 000,092,862 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-23.json
[2010/11/23 12:11:07 | 000,694,756 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\site_flash.zip
[2010/11/23 12:03:57 | 001,224,671 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller (1).zip
[2010/11/23 11:51:47 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\erunt.zip
[2010/11/23 11:46:15 | 000,166,298 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~20090507045844_2.swf
[2010/11/23 10:57:57 | 001,224,671 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller.zip
[2010/11/22 21:09:08 | 021,831,720 | ---- | C] () -- E:\18 Powerful SEO Videos.zip
[2010/11/22 19:05:27 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Rudra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/22 18:48:55 | 000,014,951 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\backup.html
[2010/11/22 18:44:43 | 000,000,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/22 16:18:14 | 000,092,862 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-22.json
[2010/11/21 16:46:05 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/11/21 16:44:01 | 000,012,632 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\button_submit copy.jpg
[2010/11/20 21:49:43 | 000,137,080 | ---- | C] () -- E:\SEO-wordpress-tutorial.pdf
[2010/11/20 15:29:12 | 036,253,069 | ---- | C] () -- E:\40 Expensive Website Templates.zip
[2010/11/17 20:56:30 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\3.bmp
[2010/11/17 20:53:51 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\2.bmp
[2010/11/17 20:52:18 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\1.bmp
[2010/11/17 18:49:05 | 000,000,247 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Google Talk Received Files.lnk
[2010/11/16 15:15:59 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\WordPress For Dummies.lnk
[2010/11/16 11:12:04 | 000,000,162 | -H-- | C] () -- E:\~$Q.P..doc
[2010/11/16 11:12:03 | 000,027,648 | ---- | C] () -- E:\Q.P..doc
[2010/11/15 20:55:55 | 000,633,856 | ---- | C] () -- E:\ADSense Trick 2009 Gold Edition.doc
[2010/11/15 14:04:55 | 000,508,160 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Kingslay admission form.pdf
[2010/11/14 16:22:42 | 001,862,462 | ---- | C] () -- E:\Adsense SECRET - Profit In Less Than 5 Minutes.zip
[2010/11/14 16:18:57 | 000,001,060 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shortcut to Blogspot Auto Poster Demo.exe.lnk
[2010/11/14 15:57:32 | 067,017,157 | ---- | C] () -- E:\Adsense Business In A Box + Software + Master Resale Wrights.zip
[2010/11/14 15:33:07 | 000,002,369 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Auto Post Blog.lnk
[2010/11/14 14:40:21 | 001,454,136 | ---- | C] () -- E:\BlogAutoPoster.exe
[2010/11/14 13:59:32 | 000,590,252 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\kingslay.swf
[2010/11/12 18:17:01 | 000,297,757 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\ks1.swf
[2010/11/12 16:48:06 | 000,990,208 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASH.fla
[2010/11/12 15:52:30 | 000,276,563 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\ks.swf
[2010/11/12 14:42:20 | 000,255,184 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefdep.swf
[2010/11/12 14:20:57 | 000,255,199 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefa.swf
[2010/11/12 14:13:22 | 000,255,197 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHcheff.swf
[2010/11/12 13:02:00 | 000,255,262 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchef.swf
[2010/11/11 12:14:32 | 011,708,527 | ---- | C] () -- E:\deliveryreports_part11.pdf
[2010/11/11 12:10:58 | 000,036,433 | ---- | C] () -- E:\deliveryreports_part22.pdf
[2010/11/11 12:06:12 | 013,773,484 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part11.xls
[2010/11/11 11:51:47 | 000,008,780 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part22.xls
[2010/11/04 19:25:35 | 009,578,256 | ---- | C] () -- E:\final airtel data.xlsx
[2010/10/30 20:30:41 | 426,393,088 | ---- | C] () -- E:\29octdatadnt.xls
[2010/10/30 16:42:19 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\HijackThis.lnk
[2010/10/30 14:41:24 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Rudra\Application Data\$_hpcst$.hpc
[2010/10/30 14:04:38 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Shortcut to metamorph_wavesandstars.lnk
[2010/10/29 11:10:13 | 006,568,994 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\only chef.cdr
[2010/10/29 10:51:45 | 000,016,353 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\image86.gif
[2010/10/29 10:46:11 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Course Details.doc
[2010/10/29 10:33:29 | 000,277,887 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\FLASH.swf
[2010/09/20 17:32:15 | 000,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2010/09/20 13:48:29 | 000,000,421 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/09/01 22:09:05 | 001,013,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/23 12:05:24 | 000,000,119 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/05 20:35:46 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/07/13 02:20:09 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/07/11 05:07:54 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/07/08 09:13:38 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/07/08 09:13:38 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\28BF592721.sys
[2010/07/08 07:19:49 | 000,128,512 | ---- | C] () -- C:\Documents and Settings\Rudra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/07 04:51:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/06 19:52:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/06 15:41:13 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2004/08/04 10:26:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 21:06:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1996/04/04 01:03:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/07/07 06:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/23 20:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2010/08/04 18:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/10/30 14:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/18 20:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/10/04 17:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2010/07/07 04:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/11/22 18:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/23 20:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/04 18:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Aleo Software
[2010/11/23 16:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\BitTorrent
[2010/08/03 11:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\CoreFTP
[2010/10/06 12:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\CrystalButton
[2010/09/27 09:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Dropbox
[2010/08/29 14:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Excel_Application
[2010/08/27 16:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Green Parrots Software
[2010/10/30 14:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\PC Suite
[2010/08/18 20:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\PlayFirst
[2010/08/18 23:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Playrix Entertainment
[2010/11/09 17:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Samsung
[2010/07/10 01:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\TeamViewer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C1EFF69
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5

< End of report >



Dear RKinner, it seems that the bug is solved now, thanks a lot.
You guys are great, man.
Thanks, thanks.

#4 prince kapoor (Topic Starter, Member, 14 posts)

Alas, the bug is not fixed :D.
Please help.

#5 RKinner (Malware Expert, Expert, 24,624 posts, MVP)

Sorry for the delay but the email notification seems to be broken.

What you had originally:

[2010/10/28 17:43:25 | 000,012,742 | RHS- | C] () -- E:\Winsys64.vbs
[2010/10/28 17:43:25 | 000,012,742 | RHS- | C] () -- C:\WINDOWS\Winsys64.vbs
[2010/10/28 17:43:25 | 000,000,102 | RHS- | C] () -- E:\autorun.inf

indicates an infected USB device, so it's possible that you reinserted the infected device, though Autorun Eater should have caught it and warned you; it is possible to override it, however.

Did you not get an Extras log when you first ran OTL? It would show me what is installed. Rerun the OTL RunFix I gave you before.

Then let's start over and run OTL again. This time:

Select either the Use SafeList or All option in the Extra Registry group before performing the Scan. That should give us a new Extras file.

Run Combofix again too. Remember to pause your antivirus.

Not sure why Flash Disinfector won't run, but it might be stopped by Avast or Comodo. Try turning them both off, download the file, run it and see if that helps. If it still won't run, then open a command window:

Start, Run, cmd, OK then type:

cd \

(selects the C:\ directory)

mkdir autorun.inf

(If it doesn't work, then:

attrib -r -h -s autorun.inf

del autorun.inf

and then try again.)

d:
cd \
mkdir autorun.inf

(If it doesn't work, then do the attrib and del commands as above.)

Repeat for each drive and each USB device.



Is there a reason you do not have XP SP3?

Ron
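The mkdir / attrib / del sequence from Ron's post, rolled into a single batch script that applies it to every drive letter named on the command line and prints the attributes of any existing autorun.inf file before removing it. This is an added example, not code from the thread or from any tool mentioned in it; the script name block_autorun.cmd and the drive-list argument are assumptions.

```batch
@echo off
REM Added example, not code from the thread: applies the mkdir / attrib / del
REM sequence from the post above to every drive letter given on the command line.
REM Assumed usage (from an administrator command prompt):  block_autorun.cmd C: D: E:
REM A FOLDER named autorun.inf blocks a worm from dropping an autorun.inf FILE
REM of the same name, because the two cannot coexist in one drive root.

if "%~1"=="" (
    echo Usage: %~nx0 C: D: E: ...
    exit /b 1
)

for %%D in (%*) do call :harden %%D
exit /b 0

:harden
REM %~1 is a drive letter such as E:
set "target=%~1\autorun.inf"

REM A pre-existing autorun.inf FILE (like the RHS- one OTL listed on E:) is the
REM evidence Ron asked about, so show its attributes before it is removed.
if exist "%target%" if not exist "%target%\*" (
    echo [%~1] autorun.inf file found:
    attrib "%target%"
    attrib -r -h -s "%target%"
    del /f "%target%"
)

REM Create the placeholder folder; if the file could not be deleted, mkdir fails.
if not exist "%target%\*" mkdir "%target%"

if exist "%target%\*" (
    echo [%~1] autorun.inf folder in place
) else (
    echo [%~1] could not create the autorun.inf folder; the file may be held open by a running process
)
exit /b 0
```

Run it once per drive set, then plug in each USB device and run it again with that device's letter, as the post says to do for each drive and device.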

#6 prince kapoor (Topic Starter, Member, 14 posts)

Hello RKinner,

OTL log goes here:

OTL logfile created on: 25/11/2010 11:32:53 AM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Rudra\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 2.14 Gb Free Space | 14.61% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 12.90 Gb Free Space | 26.42% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 19.63 Gb Free Space | 40.20% Space Free | Partition Type: NTFS
Drive F: | 36.74 Gb Total Space | 19.69 Gb Free Space | 53.60% Space Free | Partition Type: NTFS
Drive G: | 15.63 Gb Total Space | 7.77 Gb Free Space | 49.70% Space Free | Partition Type: NTFS
Drive H: | 29.29 Gb Total Space | 3.91 Gb Free Space | 13.33% Space Free | Partition Type: NTFS
Drive I: | 29.63 Gb Total Space | 29.57 Gb Free Space | 99.78% Space Free | Partition Type: NTFS

Computer Name: ADHUNIK-ECD7422 | User Name: Rudra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/23 12:31:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
PRC - [2010/10/17 10:43:42 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/09/07 20:42:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/07 04:48:46 | 002,803,200 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010/05/06 19:09:06 | 000,415,638 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2010/05/06 18:59:36 | 000,516,216 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2004/08/04 10:26:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/23 12:31:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
MOD - [2010/09/10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2004/08/04 10:27:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 08:01:44 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/12 13:45:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\george\catchme.sys -- (catchme)
DRV - [2010/09/10 23:40:54 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/09/10 23:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/09/10 23:40:52 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/09/07 20:22:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 20:22:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 20:17:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 20:17:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 20:17:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 20:16:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/03/20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/11/03 23:16:34 | 006,273,504 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/10/30 18:44:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/13 22:59:04 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/02/13 22:59:04 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/09/24 18:58:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/12 19:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [1996/04/04 01:03:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "www.google-feed.net"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: search@helper:8.17
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.9.2
FF - prefs.js..keyword.URL: "http://www.veerboo.c...results.php?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/06 15:45:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/24 14:11:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/24 14:11:11 | 000,000,000 | ---D | M]

[2010/07/07 05:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Extensions
[2010/11/24 15:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions
[2010/08/03 22:05:08 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/11/22 15:37:56 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/11/15 11:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\[email protected]
[2010/11/22 16:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\SearchHelper
[2010/10/07 10:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\[email protected]
[2010/07/19 11:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\[email protected]
[2010/08/05 10:34:01 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\searchplugins\askcom.xml
[2010/07/11 06:20:51 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\searchplugins\mywebsearch.xml
[2010/11/24 15:01:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/18 13:21:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/18 13:21:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/23 20:54:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rudra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rudra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/07 03:01:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/25 11:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\logs
[2010/11/25 11:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\school1
[2010/11/24 14:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\school
[2010/11/23 22:25:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/23 21:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\Malwarebytes
[2010/11/23 21:08:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/23 21:08:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/23 21:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/23 21:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/23 21:04:05 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rudra\Desktop\mbam-setup-1.46.exe
[2010/11/23 20:48:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/23 20:45:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/23 20:45:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/23 20:45:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/23 20:45:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/23 20:45:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/23 20:44:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/23 20:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2010/11/23 20:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2010/11/23 20:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\aesetup2.5
[2010/11/23 20:32:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/23 16:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\VaxTech
[2010/11/23 12:31:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
[2010/11/23 12:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\site_flash
[2010/11/23 12:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\tdsskiller (1)
[2010/11/23 12:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\GooredFix Backups
[2010/11/23 12:02:48 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Rudra\Desktop\GooredFix.exe
[2010/11/23 11:54:06 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/11/23 11:53:02 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTM.exe
[2010/11/23 11:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\erunt
[2010/11/23 10:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\tdsskiller
[2010/11/22 22:02:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/11/22 21:29:20 | 000,000,000 | ---D | C] -- E:\Just Enough Web Programming with XHTML, PHP, and MySQL [CuPpY]
[2010/11/22 21:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/22 21:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\Conduit
[2010/11/22 21:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\BitTorrentBar
[2010/11/22 21:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010/11/22 21:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\ConduitEngine
[2010/11/22 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrentBar
[2010/11/22 20:55:03 | 000,000,000 | ---D | C] -- E:\GTA
[2010/11/22 20:19:34 | 000,000,000 | ---D | C] -- E:\database
[2010/11/22 16:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/11/22 16:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/21 16:46:47 | 000,000,000 | ---D | C] -- E:\TutsPlus - WordPress as a CMS
[2010/11/20 15:42:46 | 000,000,000 | ---D | C] -- E:\be 1 on google
[2010/11/20 14:51:23 | 000,000,000 | ---D | C] -- E:\CSS.Amazing.Website.Templates.Pack.0001-LegalTorrents
[2010/11/19 10:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\deepti 19 nov 2010
[2010/11/18 13:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/18 13:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/18 13:21:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/11/18 13:21:47 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/18 13:21:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/18 13:21:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/18 13:21:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/18 13:21:47 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/18 13:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/18 13:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\Sun
[2010/11/18 11:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\New Folder
[2010/11/17 18:49:05 | 000,000,000 | ---D | C] -- E:\Google Talk Received Files
[2010/11/15 21:27:58 | 000,000,000 | ---D | C] -- E:\How To Develop Money-Making Sites With Wordpress & Article Marketing
[2010/11/15 20:37:41 | 000,000,000 | ---D | C] -- E:\WordPress For Dummies 2nd Ed~tqw~_darksiderg
[2010/11/14 16:49:44 | 000,000,000 | ---D | C] -- E:\Adsense Business In A Box + Software + Master Resale Wrights
[2010/11/14 16:18:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPER NOVA
[2010/11/14 15:56:01 | 000,000,000 | ---D | C] -- E:\Google Adsense
[2010/11/14 15:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ipiya
[2010/11/13 15:28:37 | 000,000,000 | ---D | C] -- E:\PHP 5 For Dummies [Dark Demon] [h33t]
[2010/11/13 11:40:50 | 000,000,000 | ---D | C] -- E:\PHP & MySQL For Dummies, 2nd Edition - allfreebooks.tk
[2010/11/12 13:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/12 13:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/11/11 12:14:56 | 000,000,000 | ---D | C] -- E:\PDF
[2010/11/09 17:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\My Documents
[2010/11/09 17:36:58 | 000,000,000 | ---D | C] -- E:\Flash Slideshow Maker Professional
[2010/11/09 14:16:55 | 000,000,000 | ---D | C] -- E:\Java 2 - The Complete Reference (5th Edition)
[2010/11/08 15:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\ringtone
[2010/11/08 15:36:36 | 000,000,000 | ---D | C] -- E:\CrystalButton
[2010/11/08 14:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\ap
[2010/11/06 18:47:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rudra\Recent
[2010/10/30 16:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/30 16:41:40 | 000,000,000 | ---D | C] -- C:\RRTVAULT
[2010/10/30 15:08:16 | 000,000,000 | ---D | C] -- E:\My Art
[2010/10/30 14:52:06 | 000,000,000 | ---D | C] -- E:\NPS
[2010/10/30 14:51:37 | 000,000,000 | R--D | C] -- E:\My Videos
[2010/10/30 14:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\PC Suite
[2010/10/30 14:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/10/30 14:44:31 | 000,090,624 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/10/30 14:44:25 | 000,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/10/30 14:42:20 | 000,121,856 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdm.sys
[2010/10/30 14:42:20 | 000,090,112 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bbus.sys
[2010/10/30 14:42:20 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwhnt.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwh.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcmnt.sys
[2010/10/30 14:42:20 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcm.sys
[2010/10/30 14:41:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/10/30 14:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/10/30 14:41:49 | 000,000,000 | ---D | C] -- E:\My NPS Files
[2010/10/30 14:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\Samsung
[2010/10/30 14:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/10/30 14:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/10/28 18:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\Html
[2010/10/28 18:08:54 | 000,000,000 | ---D | C] -- E:\Downloads
[2010/10/28 18:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Desktop\prince
[2010/10/28 13:52:05 | 000,000,000 | ---D | C] -- E:\My Palettes
[2010/10/28 13:51:54 | 000,000,000 | ---D | C] -- E:\Corel
[2010/10/28 12:02:32 | 000,000,000 | ---D | C] -- E:\The KMPlayer
[2010/10/28 12:01:35 | 000,000,000 | R--D | C] -- E:\My Pictures
[2010/10/28 12:01:35 | 000,000,000 | R--D | C] -- E:\My Music
[2010/10/28 11:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Local Settings\Application Data\Help
[2010/10/28 11:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rudra\Application Data\Help
[2010/10/28 11:39:02 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[1 C:\Documents and Settings\Rudra\*.tmp files -> C:\Documents and Settings\Rudra\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/25 11:17:31 | 000,643,798 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\school1.zip
[2010/11/25 11:07:03 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003UA.job
[2010/11/25 11:00:32 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/25 10:59:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/25 10:59:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/24 22:49:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/24 21:19:22 | 000,001,372 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\dd-hide-admin.zip
[2010/11/24 21:18:13 | 000,003,014 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\dd-hide-admin.php
[2010/11/24 20:07:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003Core.job
[2010/11/24 19:29:09 | 000,000,969 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Untitled-1.html
[2010/11/24 19:12:23 | 000,632,832 | ---- | M] () -- E:\AdSense Auto Pilot $100 per Day (Worth $599).doc
[2010/11/24 18:48:21 | 000,131,832 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\wp-mail-smtp.0.8.6.zip
[2010/11/24 18:31:53 | 000,007,696 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\ico-email-support (1).png
[2010/11/24 18:31:41 | 000,007,696 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\ico-email-support.png
[2010/11/24 17:11:01 | 000,107,257 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\FREEmium_wordpress_theme.zip
[2010/11/24 15:00:52 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Rudra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/24 14:51:39 | 000,698,699 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\school.zip
[2010/11/24 12:03:41 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\sitemap.xml.gz.dap
[2010/11/23 21:08:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/23 21:06:10 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rudra\Desktop\mbam-setup-1.46.exe
[2010/11/23 20:54:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/23 20:48:10 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2010/11/23 20:43:49 | 003,914,095 | R--- | M] () -- C:\Documents and Settings\Rudra\Desktop\george.exe
[2010/11/23 20:40:46 | 000,069,709 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Combofix-file197.html
[2010/11/23 20:39:34 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2010/11/23 20:39:04 | 001,364,101 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\aesetup2.5.zip
[2010/11/23 20:36:10 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Flash_Disinfector.exe
[2010/11/23 15:49:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/23 12:31:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTL.exe
[2010/11/23 12:30:08 | 000,092,862 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-23.json
[2010/11/23 12:11:11 | 000,694,756 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\site_flash.zip
[2010/11/23 12:04:14 | 001,224,671 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller (1).zip
[2010/11/23 12:02:48 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Rudra\Desktop\GooredFix.exe
[2010/11/23 11:53:02 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rudra\Desktop\OTM.exe
[2010/11/23 11:51:47 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\erunt.zip
[2010/11/23 11:46:22 | 000,166,298 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~20090507045844_2.swf
[2010/11/23 10:58:18 | 001,224,671 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller.zip
[2010/11/22 21:28:47 | 021,831,720 | ---- | M] () -- E:\18 Powerful SEO Videos.zip
[2010/11/22 20:07:36 | 000,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/22 19:05:27 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/22 18:48:56 | 000,014,951 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\backup.html
[2010/11/22 18:45:05 | 000,000,912 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/22 16:18:26 | 000,092,862 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-22.json
[2010/11/21 16:44:02 | 000,012,632 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\button_submit copy.jpg
[2010/11/20 21:49:57 | 000,137,080 | ---- | M] () -- E:\SEO-wordpress-tutorial.pdf
[2010/11/20 15:41:35 | 036,253,069 | ---- | M] () -- E:\40 Expensive Website Templates.zip
[2010/11/18 13:21:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/18 13:21:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/18 13:21:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/18 13:21:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/18 13:21:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/17 20:56:30 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\3.bmp
[2010/11/17 20:53:52 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\2.bmp
[2010/11/17 20:53:37 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\1.bmp
[2010/11/17 18:49:05 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Google Talk Received Files.lnk
[2010/11/16 15:17:10 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\WordPress For Dummies.lnk
[2010/11/16 11:18:27 | 000,027,648 | ---- | M] () -- E:\Q.P..doc
[2010/11/16 11:12:04 | 000,000,162 | -H-- | M] () -- E:\~$Q.P..doc
[2010/11/15 20:57:54 | 000,633,856 | ---- | M] () -- E:\ADSense Trick 2009 Gold Edition.doc
[2010/11/15 14:05:05 | 000,508,160 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Kingslay admission form.pdf
[2010/11/14 16:41:02 | 067,017,157 | ---- | M] () -- E:\Adsense Business In A Box + Software + Master Resale Wrights.zip
[2010/11/14 16:28:02 | 001,862,462 | ---- | M] () -- E:\Adsense SECRET - Profit In Less Than 5 Minutes.zip
[2010/11/14 16:19:28 | 000,002,369 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Auto Post Blog.lnk
[2010/11/14 16:18:57 | 000,001,060 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shortcut to Blogspot Auto Poster Demo.exe.lnk
[2010/11/14 14:42:58 | 001,454,136 | ---- | M] () -- E:\BlogAutoPoster.exe
[2010/11/14 14:00:00 | 000,590,252 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\kingslay.swf
[2010/11/12 18:17:03 | 000,297,757 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\ks1.swf
[2010/11/12 16:48:34 | 000,990,208 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASH.fla
[2010/11/12 15:52:31 | 000,276,563 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\ks.swf
[2010/11/12 14:42:21 | 000,255,184 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefdep.swf
[2010/11/12 14:20:58 | 000,255,199 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefa.swf
[2010/11/12 14:13:23 | 000,255,197 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHcheff.swf
[2010/11/12 14:03:43 | 000,255,262 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchef.swf
[2010/11/11 12:14:31 | 011,708,527 | ---- | M] () -- E:\deliveryreports_part11.pdf
[2010/11/11 12:11:00 | 000,036,433 | ---- | M] () -- E:\deliveryreports_part22.pdf
[2010/11/11 12:06:25 | 013,773,484 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part11.xls
[2010/11/11 11:51:48 | 000,008,780 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part22.xls
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/04 19:26:01 | 009,578,256 | ---- | M] () -- E:\final airtel data.xlsx
[2010/11/04 17:27:57 | 000,000,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/11/01 12:51:52 | 426,393,088 | ---- | M] () -- E:\29octdatadnt.xls
[2010/10/30 16:42:19 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\HijackThis.lnk
[2010/10/30 14:46:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/10/30 14:41:24 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Rudra\Application Data\$_hpcst$.hpc
[2010/10/30 14:04:38 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Shortcut to metamorph_wavesandstars.lnk
[2010/10/29 11:03:38 | 000,277,887 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\FLASH.swf
[2010/10/29 10:51:45 | 000,016,353 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\image86.gif
[2010/10/28 18:47:50 | 000,105,472 | ---- | M] () -- C:\Documents and Settings\Rudra\Desktop\Course Details.doc
[2010/10/28 11:37:25 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/10/28 10:29:40 | 000,042,865 | ---- | M] () -- C:\WINDOWS\FontData.fdb
[1 C:\Documents and Settings\Rudra\*.tmp files -> C:\Documents and Settings\Rudra\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/25 11:17:30 | 000,643,798 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\school1.zip
[2010/11/24 21:19:22 | 000,001,372 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\dd-hide-admin.zip
[2010/11/24 21:18:13 | 000,003,014 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\dd-hide-admin.php
[2010/11/24 19:26:50 | 000,000,969 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Untitled-1.html
[2010/11/24 19:05:48 | 000,632,832 | ---- | C] () -- E:\AdSense Auto Pilot $100 per Day (Worth $599).doc
[2010/11/24 18:48:20 | 000,131,832 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\wp-mail-smtp.0.8.6.zip
[2010/11/24 18:31:53 | 000,007,696 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\ico-email-support (1).png
[2010/11/24 18:31:41 | 000,007,696 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\ico-email-support.png
[2010/11/24 17:11:12 | 000,107,257 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\FREEmium_wordpress_theme.zip
[2010/11/24 14:51:34 | 000,698,699 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\school.zip
[2010/11/24 12:03:40 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\sitemap.xml.gz.dap
[2010/11/23 21:08:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/23 20:48:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/23 20:48:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/23 20:45:33 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/23 20:45:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/23 20:45:33 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/23 20:45:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/23 20:45:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/23 20:41:21 | 003,914,095 | R--- | C] () -- C:\Documents and Settings\Rudra\Desktop\george.exe
[2010/11/23 20:40:44 | 000,069,709 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Combofix-file197.html
[2010/11/23 20:39:34 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2010/11/23 20:38:42 | 001,364,101 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\aesetup2.5.zip
[2010/11/23 20:36:06 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Flash_Disinfector.exe
[2010/11/23 12:30:07 | 000,092,862 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-23.json
[2010/11/23 12:11:07 | 000,694,756 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\site_flash.zip
[2010/11/23 12:03:57 | 001,224,671 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller (1).zip
[2010/11/23 11:51:47 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\erunt.zip
[2010/11/23 11:46:15 | 000,166,298 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~20090507045844_2.swf
[2010/11/23 10:57:57 | 001,224,671 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\tdsskiller.zip
[2010/11/22 21:09:08 | 021,831,720 | ---- | C] () -- E:\18 Powerful SEO Videos.zip
[2010/11/22 19:05:27 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Rudra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/22 18:48:55 | 000,014,951 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\backup.html
[2010/11/22 18:44:43 | 000,000,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/11/22 16:18:14 | 000,092,862 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\bookmarks-2010-11-22.json
[2010/11/21 16:46:05 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/11/21 16:44:01 | 000,012,632 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\button_submit copy.jpg
[2010/11/20 21:49:43 | 000,137,080 | ---- | C] () -- E:\SEO-wordpress-tutorial.pdf
[2010/11/20 15:29:12 | 036,253,069 | ---- | C] () -- E:\40 Expensive Website Templates.zip
[2010/11/17 20:56:30 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\3.bmp
[2010/11/17 20:53:51 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\2.bmp
[2010/11/17 20:52:18 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\1.bmp
[2010/11/17 18:49:05 | 000,000,247 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Google Talk Received Files.lnk
[2010/11/16 15:15:59 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\WordPress For Dummies.lnk
[2010/11/16 11:12:04 | 000,000,162 | -H-- | C] () -- E:\~$Q.P..doc
[2010/11/16 11:12:03 | 000,027,648 | ---- | C] () -- E:\Q.P..doc
[2010/11/15 20:55:55 | 000,633,856 | ---- | C] () -- E:\ADSense Trick 2009 Gold Edition.doc
[2010/11/15 14:04:55 | 000,508,160 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Kingslay admission form.pdf
[2010/11/14 16:22:42 | 001,862,462 | ---- | C] () -- E:\Adsense SECRET - Profit In Less Than 5 Minutes.zip
[2010/11/14 16:18:57 | 000,001,060 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shortcut to Blogspot Auto Poster Demo.exe.lnk
[2010/11/14 15:57:32 | 067,017,157 | ---- | C] () -- E:\Adsense Business In A Box + Software + Master Resale Wrights.zip
[2010/11/14 15:33:07 | 000,002,369 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Auto Post Blog.lnk
[2010/11/14 14:40:21 | 001,454,136 | ---- | C] () -- E:\BlogAutoPoster.exe
[2010/11/14 13:59:32 | 000,590,252 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\kingslay.swf
[2010/11/12 18:17:01 | 000,297,757 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\ks1.swf
[2010/11/12 16:48:06 | 000,990,208 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASH.fla
[2010/11/12 15:52:30 | 000,276,563 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\ks.swf
[2010/11/12 14:42:20 | 000,255,184 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefdep.swf
[2010/11/12 14:20:57 | 000,255,199 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchefa.swf
[2010/11/12 14:13:22 | 000,255,197 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHcheff.swf
[2010/11/12 13:02:00 | 000,255,262 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\~FLASHchef.swf
[2010/11/11 12:14:32 | 011,708,527 | ---- | C] () -- E:\deliveryreports_part11.pdf
[2010/11/11 12:10:58 | 000,036,433 | ---- | C] () -- E:\deliveryreports_part22.pdf
[2010/11/11 12:06:12 | 013,773,484 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part11.xls
[2010/11/11 11:51:47 | 000,008,780 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\deliveryreports_part22.xls
[2010/11/04 19:25:35 | 009,578,256 | ---- | C] () -- E:\final airtel data.xlsx
[2010/10/30 20:30:41 | 426,393,088 | ---- | C] () -- E:\29octdatadnt.xls
[2010/10/30 16:42:19 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\HijackThis.lnk
[2010/10/30 14:41:24 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Rudra\Application Data\$_hpcst$.hpc
[2010/10/30 14:04:38 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Shortcut to metamorph_wavesandstars.lnk
[2010/10/29 11:10:13 | 006,568,994 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\only chef.cdr
[2010/10/29 10:51:45 | 000,016,353 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\image86.gif
[2010/10/29 10:46:11 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\Course Details.doc
[2010/10/29 10:33:29 | 000,277,887 | ---- | C] () -- C:\Documents and Settings\Rudra\Desktop\FLASH.swf
[2010/09/20 17:32:15 | 000,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2010/09/20 13:48:29 | 000,000,421 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/09/01 22:09:05 | 001,013,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/23 12:05:24 | 000,000,119 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/05 20:35:46 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/07/13 02:20:09 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/07/11 05:07:54 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/07/08 09:13:38 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/07/08 09:13:38 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\28BF592721.sys
[2010/07/08 07:19:49 | 000,131,072 | ---- | C] () -- C:\Documents and Settings\Rudra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/07 04:51:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/06 19:52:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/06 15:41:13 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2004/08/04 10:26:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 21:06:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1996/04/04 01:03:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C1EFF69
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5

< End of report >


EXTRAS LOG GOES HERE

OTL Extras logfile created on: 25/11/2010 11:32:53 AM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Rudra\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 2.14 Gb Free Space | 14.61% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 12.90 Gb Free Space | 26.42% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 19.63 Gb Free Space | 40.20% Space Free | Partition Type: NTFS
Drive F: | 36.74 Gb Total Space | 19.69 Gb Free Space | 53.60% Space Free | Partition Type: NTFS
Drive G: | 15.63 Gb Total Space | 7.77 Gb Free Space | 49.70% Space Free | Partition Type: NTFS
Drive H: | 29.29 Gb Total Space | 3.91 Gb Free Space | 13.33% Space Free | Partition Type: NTFS
Drive I: | 29.63 Gb Total Space | 29.57 Gb Free Space | 99.78% Space Free | Partition Type: NTFS

Computer Name: ADHUNIK-ECD7422 | User Name: Rudra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
.js [@ = jsfile] -- Reg Error: Key error. File not found
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [open] -- Reg Error: Key error.
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"H:\SOFTWARES\Tally\tally9.exe" = H:\SOFTWARES\Tally\tally9.exe:*:Enabled:tally9 -- ()
"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- (SpeedBit Ltd.)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{3488D1F4-F88A-4687-B878-5355389A47E0}" = Auto Post Blog
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5CA4A128-9E99-4082-93A6-AAC55836DA1A}" = fastsms Excel Plug-in
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7BB33EAB-562A-406C-9F21-8B28EC5598B7}" = Blogspot Autoposter Demo feature
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC72EAD9-DE4B-4BCB-89F9-3AC138475634}_is1" = Likno Web Modal Windows Builder AutoPopup Add-in 1.0.0
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FBDC28-C265-4F0D-8B91-6E92913E19F6}" = IIS 6.0 Resource Kit Tools
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Aleo Flash Slideshow Gallery Maker_is1" = Aleo Flash Slideshow Gallery Maker 1.6
"Autorun Eater_is1" = Autorun Eater v2.5
"avast5" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"CCleaner" = CCleaner
"Compu Restaurant for Windows 1.8.3" = Compu Restaurant for Windows 1.8.3
"conduitEngine" = Conduit Engine
"Crystal Button 2008 InMotion! Pack_is1" = Crystal Button 2008 InMotion! (v.3.2)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 4.75
"GMailFS" = GMail Drive Shell Extension
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F8FBDC28-C265-4F0D-8B91-6E92913E19F6}" = IIS 6.0 Resource Kit Tools
"Kundli 5.0_is1" = Kundli 5.0
"Kundli for Windows (Professional Edition)" = Kundli for Windows (Professional Edition)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mobile Number Database 1.00" = Mobile Number Database 1.00
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Shop for HP Supplies" = Shop for HP Supplies
"SiteGrinder2" = Media Lab SiteGrinder 2 (Basic & Pro)
"SiteGrinder3" = Media Lab SiteGrinder 3
"SMSCaster E-Marketer GSM Enterprise_is1" = SMSCaster E-Marketer GSM Enterprise v3.7
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 5" = TeamViewer 5
"The KMPlayer" = The KMPlayer (remove only)
"Visual Slideshow" = Visual Slideshow
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WIC" = Windows Imaging Component
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/11/2010 11:38:51 AM | Computer Name = ADHUNIK-ECD7422 | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 1

Error - 22/11/2010 11:38:51 AM | Computer Name = ADHUNIK-ECD7422 | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 288

Error - 22/11/2010 11:38:51 AM | Computer Name = ADHUNIK-ECD7422 | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 1

Error - 22/11/2010 11:38:51 AM | Computer Name = ADHUNIK-ECD7422 | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 288

Error - 22/11/2010 11:38:51 AM | Computer Name = ADHUNIK-ECD7422 | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 1

Error - 22/11/2010 11:38:52 AM | Computer Name = ADHUNIK-ECD7422 | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 288

Error - 22/11/2010 11:38:52 AM | Computer Name = ADHUNIK-ECD7422 | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 1

Error - 22/11/2010 11:38:52 AM | Computer Name = ADHUNIK-ECD7422 | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 288

Error - 22/11/2010 11:38:52 AM | Computer Name = ADHUNIK-ECD7422 | Source = Protexis Licensing Service | ID = 49
Description = Failed to Release Mutex Error ID = Returned Error 1

Error - 24/11/2010 12:58:37 PM | Computer Name = ADHUNIK-ECD7422 | Source = VSTO 3.0 | ID = 135168
Description =

[ OSession Events ]
Error - 01/09/2010 7:26:17 AM | Computer Name = ADHUNIK-ECD7422 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/09/2010 3:48:46 AM | Computer Name = ADHUNIK-ECD7422 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23/11/2010 2:24:08 AM | Computer Name = ADHUNIK-ECD7422 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 23/11/2010 2:24:08 AM | Computer Name = ADHUNIK-ECD7422 | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 23/11/2010 2:24:08 AM | Computer Name = ADHUNIK-ECD7422 | Source = Service Control Manager | ID = 7034
Description = The Protexis Licensing V2 service terminated unexpectedly. It has
done this 1 time(s).

Error - 23/11/2010 2:29:02 AM | Computer Name = ADHUNIK-ECD7422 | Source = Service Control Manager | ID = 7000
Description = The XMail Server service failed to start due to the following error:
%%2

Error - 23/11/2010 2:29:02 AM | Computer Name = ADHUNIK-ECD7422 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

Error - 23/11/2010 10:58:29 AM | Computer Name = ADHUNIK-ECD7422 | Source = Service Control Manager | ID = 7000
Description = The XMail Server service failed to start due to the following error:
%%2

Error - 23/11/2010 10:58:29 AM | Computer Name = ADHUNIK-ECD7422 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

Error - 23/11/2010 11:18:49 AM | Computer Name = ADHUNIK-ECD7422 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_FSUSBEXDISK\0000 disappeared from the system
without first being prepared for removal.

Error - 23/11/2010 11:18:49 AM | Computer Name = ADHUNIK-ECD7422 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SZKG5\0000 disappeared from the system without
first being prepared for removal.

Error - 23/11/2010 11:18:49 AM | Computer Name = ADHUNIK-ECD7422 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SZKGFS\0000 disappeared from the system without
first being prepared for removal.


< End of report >

COMBOFIX LOG HERE

ComboFix 10-11-22.05 - Rudra 25/11/2010 11:43:46.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1547 [GMT 5.5:30]
Running from: c:\documents and settings\Rudra\Desktop\george.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files Created from 2010-10-25 to 2010-11-25 )))))))))))))))))))))))))))))))
.

2010-11-23 15:38 . 2010-11-23 15:38 -------- d-----w- c:\documents and settings\Rudra\Application Data\Malwarebytes
2010-11-23 15:38 . 2010-04-29 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-23 15:38 . 2010-11-23 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-23 15:38 . 2010-11-23 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-23 15:38 . 2010-04-29 10:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-23 15:09 . 2010-11-23 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2010-11-23 15:09 . 2010-11-23 15:09 -------- d-----w- c:\program files\Autorun Eater
2010-11-23 15:02 . 2010-11-23 15:02 -------- d-----w- C:\_OTL
2010-11-23 10:37 . 2010-11-23 10:37 -------- d-----w- c:\program files\VaxTech
2010-11-23 06:24 . 2010-11-23 06:24 -------- d-----w- C:\_OTM
2010-11-22 16:32 . 2010-11-22 16:33 -------- d-----w- c:\windows\system32\NtmsData
2010-11-22 15:37 . 2010-11-23 05:37 -------- d-----w- c:\documents and settings\Rudra\Local Settings\Application Data\Conduit
2010-11-22 15:37 . 2010-11-22 15:37 -------- d-----w- c:\program files\Conduit
2010-11-22 15:37 . 2010-11-23 05:37 -------- d-----w- c:\documents and settings\Rudra\Local Settings\Application Data\BitTorrentBar
2010-11-22 15:37 . 2010-11-23 15:02 -------- d-----w- c:\program files\BitTorrentBar
2010-11-22 10:46 . 2010-11-22 10:46 -------- d-----w- c:\program files\Common Files\iS3
2010-11-22 10:46 . 2010-11-22 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-11-21 11:30 . 2010-11-21 11:40 21688030 ----a-w- c:\documents and settings\Rudra\video_21-11-2010(17.00.27).tmp
2010-11-21 11:16 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-18 07:52 . 2010-11-18 07:52 -------- d-----w- c:\program files\Common Files\Java
2010-11-18 07:51 . 2010-11-18 07:51 -------- d-----w- c:\windows\Sun
2010-11-18 07:51 . 2010-11-18 07:51 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-18 07:51 . 2010-11-18 07:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-18 07:51 . 2010-11-18 07:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 07:51 . 2010-11-18 07:51 -------- d-----w- c:\program files\Java
2010-11-14 10:48 . 2010-11-14 10:48 -------- d-----w- c:\program files\SUPER NOVA
2010-11-14 10:03 . 2010-11-14 10:03 -------- d-----w- c:\program files\Ipiya
2010-11-12 08:23 . 2010-11-12 08:23 -------- d-----w- c:\program files\Bonjour
2010-11-12 08:15 . 2010-11-12 08:15 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-10-30 11:12 . 2010-10-30 11:12 -------- d-----w- c:\program files\Trend Micro
2010-10-30 11:11 . 2010-10-30 11:11 -------- d-----w- C:\RRTVAULT
2010-10-30 09:52 . 2004-08-04 04:56 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-10-30 09:18 . 2010-10-30 09:18 -------- d-----w- c:\documents and settings\Rudra\Application Data\PC Suite
2010-10-30 09:18 . 2010-10-30 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-10-30 09:14 . 2007-05-02 11:01 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-10-30 09:14 . 2007-09-17 10:23 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-10-30 09:12 . 2009-03-20 04:31 90112 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2010-10-30 09:12 . 2009-03-20 04:31 14976 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2010-10-30 09:12 . 2009-03-20 04:31 121856 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2010-10-30 09:12 . 2009-03-20 04:31 12160 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2010-10-30 09:12 . 2009-03-20 04:31 12160 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2010-10-30 09:12 . 2009-03-20 04:31 12160 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2010-10-30 09:12 . 2009-03-20 04:31 12160 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2010-10-30 09:11 . 2010-10-30 09:16 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-10-30 09:11 . 2010-10-30 09:11 -------- d-----w- c:\program files\DIFX
2010-10-30 09:11 . 2010-11-09 12:02 -------- d-----w- c:\documents and settings\Rudra\Application Data\Samsung
2010-10-30 09:10 . 2010-11-09 12:00 -------- d-----w- c:\program files\PC Connectivity Solution
2010-10-30 09:09 . 2010-11-22 06:47 -------- d-----w- c:\program files\Samsung
2010-10-28 06:15 . 2010-10-28 06:15 -------- d-----w- c:\documents and settings\Rudra\Local Settings\Application Data\Help
2010-10-28 06:09 . 2010-10-28 06:07 720896 ----a-w- c:\windows\iun6002.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 10:20 . 2010-09-26 10:20 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2010-09-26 10:19 . 2010-09-26 10:19 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2010-09-26 10:18 . 2010-09-26 10:18 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-09-20 10:01 . 2010-07-08 03:43 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-09-20 10:01 . 2010-07-08 03:43 88 --sh--r- c:\documents and settings\All Users\Application Data\28BF592721.sys
2010-09-10 18:11 . 2010-09-10 18:11 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-10 18:10 . 2010-09-10 18:10 91560 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-10 18:10 . 2010-09-10 18:10 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-10 18:10 . 2010-09-10 18:10 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-10 18:10 . 2010-09-10 18:10 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-07 15:12 . 2010-07-21 07:37 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-07-21 07:21 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-07-21 07:22 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-07-21 07:22 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-07-21 07:22 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-07-21 07:22 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-07-21 07:22 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-07-21 07:22 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-07-21 07:22 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-11-23_15.24.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-25 05:30 . 2010-11-25 05:30 16384 c:\windows\Temp\Perflib_Perfdata_658.dat
+ 2010-11-05 11:51 . 2010-11-24 08:41 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
- 2010-11-05 11:51 . 2010-11-05 11:51 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
+ 2007-02-20 10:34 . 2010-11-24 08:41 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-07-06 2803200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 17:37 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-22 23:17 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:56 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIMDownloading your update...1285781003180]
2010-01-13 11:41 95592 ----a-w- c:\program files\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2010-07-06 23:18 2803200 ----a-w- c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-09 18:56 136176 ----atw- c:\documents and settings\Rudra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:17 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-11-24 22:30 173592 ----a-r- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-11-24 22:30 141336 ----a-r- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-19 11:57 5248312 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotiveReportAgent]
2010-08-10 10:20 202240 ----a-w- c:\program files\Common Files\Motive\McciBootStrapper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-11-24 22:30 141336 ----a-r- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-09 23:45 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 12:34 2879488 ----a-w- c:\windows\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"h:\\SOFTWARES\\Tally\\tally9.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21/07/2010 12:52 PM 165584]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/09/2010 11:40 PM 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/09/2010 11:40 PM 25240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/07/2010 12:52 PM 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/07/2010 6:07 AM 136176]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [30/10/2010 2:42 PM 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [30/10/2010 2:42 PM 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [30/10/2010 2:42 PM 121856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 00:37]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 00:37]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003Core.job
- c:\documents and settings\Rudra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-09 18:56]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-725345543-1003UA.job
- c:\documents and settings\Rudra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-09 18:56]
.
.
------- Supplementary Scan -------
.
TCP: {1BA601DE-2A76-4CB3-ACB7-9CE6EC5EFDC8} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - component: c:\documents and settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\Rudra\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-25 11:48
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(848)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(496)
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\program files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
c:\program files\Common Files\Corel\Shared\Shell Extension\FileInfoProvider.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\hnetcfg.dll
.
Completion time: 2010-11-25 11:50:20
ComboFix-quarantined-files.txt 2010-11-25 06:20
ComboFix2.txt 2010-11-23 15:31

Pre-Run: 2,301,272,064 bytes free
Post-Run: 2,289,528,832 bytes free

- - End Of File - - BE7EC5C42FC71F2C4D891D50E64E9A9A


FLASH DISINFECTOR RAN SMOOTHLY THIS TIME thanks ;)

Sorry to say, but I haven't installed SP3 before. :D
Googling about this.

#7
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Uninstall these three:

"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"conduitEngine" = Conduit Engine

Run TDSSKiller again and post the latest log.

Run GMER:

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Run MBRCheck:

Please download MBRCheck.exe
http://ad13.geekstogo.com/MBRCheck.exe
to your desktop.

* Double click to run it
* It will prompt you with some text
* A text file will be generated on your desktop
* Now paste that text here for me.

Run BitDefender Quickscan:

http://quickscan.bitdefender.com/

When it finishes there is a report option. Please copy and paste the report into a reply.

Clean up System Restore:
http://forum.aumha.o...581099691bf108f

Are you still getting redirected? Reset your router by holding the reset button on the back for 30 seconds. (Make sure you know how it is set up before you reset it if you use wireless or it connects directly to Cable or DSL without a separate modem. You will need to change the password immediately then put back in any customizations)

Ron

#8
prince kapoor

    Member

  • Topic Starter
  • Member
  • 14 posts
hello,

1). Wasn't able to install "BitTorrent toolbar" as it says "Could not open INSTALL.LOG file"

2). TDSSKiller log here

2010/11/27 15:56:52.0171 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/27 15:56:52.0171 ================================================================================
2010/11/27 15:56:52.0171 SystemInfo:
2010/11/27 15:56:52.0171
2010/11/27 15:56:52.0171 OS Version: 5.1.2600 ServicePack: 2.0
2010/11/27 15:56:52.0171 Product type: Workstation
2010/11/27 15:56:52.0171 ComputerName: ADHUNIK-ECD7422
2010/11/27 15:56:52.0171 UserName: Rudra
2010/11/27 15:56:52.0171 Windows directory: C:\WINDOWS
2010/11/27 15:56:52.0171 System windows directory: C:\WINDOWS
2010/11/27 15:56:52.0171 Processor architecture: Intel x86
2010/11/27 15:56:52.0171 Number of processors: 1
2010/11/27 15:56:52.0171 Page size: 0x1000
2010/11/27 15:56:52.0171 Boot type: Normal boot
2010/11/27 15:56:52.0171 ================================================================================
2010/11/27 15:56:52.0875 Initialize success
2010/11/27 15:56:54.0265 ================================================================================
2010/11/27 15:56:54.0265 Scan started
2010/11/27 15:56:54.0265 Mode: Manual;
2010/11/27 15:56:54.0265 ================================================================================
2010/11/27 15:56:55.0093 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/11/27 15:56:55.0156 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/27 15:56:55.0203 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/27 15:56:55.0250 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2010/11/27 15:56:55.0281 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2010/11/27 15:56:55.0390 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/11/27 15:56:55.0390 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/11/27 15:56:55.0421 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/11/27 15:56:55.0453 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/11/27 15:56:55.0484 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/11/27 15:56:55.0531 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/27 15:56:55.0562 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/27 15:56:55.0593 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/27 15:56:55.0625 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/27 15:56:55.0687 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/27 15:56:55.0859 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/27 15:56:55.0906 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/27 15:56:55.0921 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/27 15:56:55.0953 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/27 15:56:56.0031 cmdGuard (bbe9f023dfd2c4d2755da3fa47e4da08) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
2010/11/27 15:56:56.0078 cmdHlp (111e6755acb5f236e2465e24508f6367) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
2010/11/27 15:56:56.0187 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/27 15:56:56.0234 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/27 15:56:56.0265 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/27 15:56:56.0312 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/27 15:56:56.0343 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/27 15:56:56.0390 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/27 15:56:56.0453 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/27 15:56:56.0484 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/27 15:56:56.0515 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/27 15:56:56.0546 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/27 15:56:56.0593 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/27 15:56:56.0625 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/27 15:56:56.0640 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/27 15:56:56.0656 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2010/11/27 15:56:56.0687 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/27 15:56:56.0734 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/27 15:56:56.0843 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/27 15:56:57.0156 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/11/27 15:56:57.0203 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/11/27 15:56:57.0218 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/11/27 15:56:57.0265 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/27 15:56:57.0484 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/27 15:56:57.0640 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/11/27 15:56:57.0750 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/27 15:56:57.0828 Inspect (343ac4733c1e8b7ab6454178e4fcd4ad) C:\WINDOWS\system32\DRIVERS\inspect.sys
2010/11/27 15:56:57.0953 IntcAzAudAddService (a5d5b8c427f4b67580fb2b511291a89d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/27 15:56:58.0046 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/27 15:56:58.0078 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/27 15:56:58.0109 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/27 15:56:58.0125 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/27 15:56:58.0156 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/27 15:56:58.0578 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/27 15:56:58.0625 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/27 15:56:58.0656 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/27 15:56:58.0687 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/27 15:56:58.0734 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/27 15:56:58.0750 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/27 15:56:58.0828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/27 15:56:58.0875 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/27 15:56:58.0890 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/27 15:56:58.0937 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/27 15:56:58.0953 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/27 15:56:59.0046 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
2010/11/27 15:56:59.0078 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
2010/11/27 15:56:59.0109 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/27 15:56:59.0156 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/27 15:56:59.0187 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/27 15:56:59.0234 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/27 15:56:59.0250 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/27 15:56:59.0281 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/27 15:56:59.0312 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/27 15:56:59.0343 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/27 15:56:59.0375 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/27 15:56:59.0406 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/27 15:56:59.0437 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/27 15:56:59.0453 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/27 15:56:59.0468 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/27 15:56:59.0500 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/27 15:56:59.0531 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/27 15:56:59.0578 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/27 15:56:59.0609 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/27 15:56:59.0640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/27 15:56:59.0671 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/27 15:56:59.0687 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/27 15:56:59.0734 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/27 15:56:59.0750 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/27 15:56:59.0765 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/27 15:56:59.0812 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/11/27 15:56:59.0828 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/27 15:56:59.0859 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/27 15:56:59.0890 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/27 15:57:00.0031 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/27 15:57:00.0046 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/27 15:57:00.0078 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/27 15:57:00.0171 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/27 15:57:00.0187 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/27 15:57:00.0218 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/27 15:57:00.0234 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/27 15:57:00.0265 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/27 15:57:00.0281 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/27 15:57:00.0328 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/27 15:57:00.0359 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/27 15:57:00.0390 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/27 15:57:00.0453 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/11/27 15:57:00.0500 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/27 15:57:00.0531 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/27 15:57:00.0562 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/27 15:57:00.0593 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/27 15:57:00.0687 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
2010/11/27 15:57:00.0718 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/27 15:57:00.0750 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/27 15:57:00.0781 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/27 15:57:00.0828 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
2010/11/27 15:57:00.0843 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
2010/11/27 15:57:00.0875 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
2010/11/27 15:57:00.0890 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/27 15:57:00.0921 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/27 15:57:01.0031 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/27 15:57:01.0093 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/27 15:57:01.0125 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/27 15:57:01.0156 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/27 15:57:01.0171 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/27 15:57:01.0250 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/27 15:57:01.0296 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/27 15:57:01.0343 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/27 15:57:01.0375 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/27 15:57:01.0406 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/27 15:57:01.0421 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/27 15:57:01.0453 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/27 15:57:01.0484 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/27 15:57:01.0500 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/27 15:57:01.0546 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/11/27 15:57:01.0578 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/27 15:57:01.0625 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/27 15:57:01.0687 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/27 15:57:02.0140 ================================================================================
2010/11/27 15:57:02.0140 Scan finished
2010/11/27 15:57:02.0140 ================================================================================



GMER LOG


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-27 16:11:33
Windows 5.1.2600 Service Pack 2
Running: 1s6hfzl3.exe


---- Files - GMER 1.0.15 ----

File C:\Qoobox\BackEnv\Music.folder.dat 73 bytes
File C:\Qoobox\BackEnv\AppData.folder.dat 228 bytes
File C:\Qoobox\BackEnv\Cache.folder.dat 323 bytes
File C:\Qoobox\BackEnv\Cookies.folder.dat 145 bytes
File C:\Qoobox\BackEnv\Desktop.folder.dat 90 bytes
File C:\Qoobox\BackEnv\Favorites.folder.dat 94 bytes
File C:\Qoobox\BackEnv\History.folder.dat 190 bytes
File C:\Qoobox\BackEnv\LocalAppData.folder.dat 217 bytes
File C:\Qoobox\BackEnv\LocalSettings.folder.dat 225 bytes
File C:\Qoobox\BackEnv\NetHood.folder.dat 43 bytes
File C:\Qoobox\BackEnv\Personal.folder.dat 56 bytes
File C:\Qoobox\BackEnv\Pictures.folder.dat 79 bytes
File C:\Qoobox\BackEnv\PrintHood.folder.dat 99 bytes
File C:\Qoobox\BackEnv\Profiles.Folder.dat 267 bytes
File C:\Qoobox\BackEnv\Profiles.Folder.folder.dat 467 bytes
File C:\Qoobox\BackEnv\Programs.folder.dat 178 bytes
File C:\Qoobox\BackEnv\Recent.folder.dat 93 bytes
File C:\Qoobox\BackEnv\SendTo.folder.dat 93 bytes
File C:\Qoobox\BackEnv\SetPath.bat 5483 bytes
File C:\Qoobox\BackEnv\StartMenu.folder.dat 96 bytes
File C:\Qoobox\BackEnv\StartUp.folder.dat 200 bytes
File C:\Qoobox\BackEnv\SysPath.dat 2054 bytes
File C:\Qoobox\BackEnv\Templates.folder.dat 94 bytes
File C:\Qoobox\BackEnv\VikPev00 2189 bytes
File D:\System Volume Information\MountPointManagerRemoteDatabase 0 bytes
File D:\System Volume Information\tracking.log 20480 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B} 0 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP81 0 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP81\change.log.1 760 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP81\RestorePointSize 8 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP82 0 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP82\change.log.1 14422 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP82\RestorePointSize 8 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP83 0 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP83\change.log.1 760 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP83\RestorePointSize 8 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP84 0 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP84\change.log.1 760 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP84\RestorePointSize 8 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP85 0 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP85\change.log.1 760 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP85\RestorePointSize 8 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP86 0 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP86\change.log.1 760 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP86\RestorePointSize 8 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP87 0 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP87\change.log.1 760 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP87\RestorePointSize 8 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP88 0 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP88\change.log.1 760 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP88\RestorePointSize 8 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP89 0 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP89\change.log.1 760 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP89\RestorePointSize 8 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP90 0 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP90\change.log.1 760 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP90\RestorePointSize 8 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP91 0 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP91\change.log 178446 bytes
File D:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP91\change.log.1 760 bytes
File D:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C} 0 bytes
File D:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP135 0 bytes
File D:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP135\A0118739.ini 65 bytes
File D:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP135\change.log.1 10450 bytes
File D:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP135\RestorePointSize 8 bytes
File E:\System Volume Information\MountPointManagerRemoteDatabase 0 bytes
File E:\System Volume Information\tracking.log 20480 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B} 0 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP81 0 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP81\change.log.1 760 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP81\RestorePointSize 8 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP82 0 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP82\change.log.1 14422 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP82\RestorePointSize 8 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP83 0 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP83\change.log.1 760 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP83\RestorePointSize 8 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP84 0 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP84\change.log.1 760 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP84\RestorePointSize 8 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP85 0 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP85\change.log.1 760 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP85\RestorePointSize 8 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP86 0 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP86\change.log.1 760 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP86\RestorePointSize 8 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP87 0 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP87\change.log.1 760 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP87\RestorePointSize 8 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP88 0 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP88\change.log.1 760 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP88\RestorePointSize 8 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP89 0 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP89\change.log.1 760 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP89\RestorePointSize 8 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP90 0 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP90\change.log.1 760 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP90\RestorePointSize 8 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP91 0 bytes
File E:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP91\change.log 760 bytes
File E:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C} 0 bytes
File F:\System Volume Information\MountPointManagerRemoteDatabase 0 bytes
File F:\System Volume Information\tracking.log 20480 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B} 0 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP81 0 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP81\change.log.1 760 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP81\RestorePointSize 8 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP82 0 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP82\change.log.1 14422 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP82\RestorePointSize 8 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP83 0 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP83\change.log.1 760 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP83\RestorePointSize 8 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP84 0 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP84\change.log.1 760 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP84\RestorePointSize 8 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP85 0 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP85\change.log.1 760 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP85\RestorePointSize 8 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP86 0 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP86\change.log.1 760 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP86\RestorePointSize 8 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP87 0 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP87\change.log.1 760 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP87\RestorePointSize 8 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP88 0 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP88\change.log.1 760 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP88\RestorePointSize 8 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP89 0 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP89\change.log.1 760 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP89\RestorePointSize 8 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP90 0 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP90\change.log.1 760 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP90\RestorePointSize 8 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP91 0 bytes
File F:\System Volume Information\_restore{3909D09A-206D-41F0-995B-77DCE4A6FB6B}\RP91\change.log 760 bytes
File F:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C} 0 bytes
File F:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP135 0 bytes
File F:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP135\A0118740.ini 65 bytes
File F:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP135\change.log.1 3844 bytes
File F:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP135\RestorePointSize 8 bytes
File G:\System Volume Information\MountPointManagerRemoteDatabase 0 bytes
File G:\System Volume Information\tracking.log 20480 bytes
File G:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C} 0 bytes
File G:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP135 0 bytes
File G:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP135\A0118741.ini 65 bytes
File G:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP135\change.log.1 7090 bytes
File G:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP135\RestorePointSize 8 bytes
File G:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP137 0 bytes
File G:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP137\change.log 516 bytes
File H:\RECYCLER\S-1-5-21-1659004503-573735546-839522115-1005 0 bytes
File H:\RECYCLER\S-1-5-21-1659004503-573735546-839522115-1005\desktop.ini 65 bytes
File H:\RECYCLER\S-1-5-21-1659004503-573735546-839522115-1005\INFO2 20 bytes
File H:\RECYCLER\S-1-5-21-746137067-1682526488-839522115-1003 0 bytes
File H:\RECYCLER\S-1-5-21-746137067-1682526488-839522115-1003\desktop.ini 65 bytes
File H:\RECYCLER\S-1-5-21-746137067-1682526488-839522115-1003\INFO2 20 bytes
File I:\System Volume Information\MountPointManagerRemoteDatabase 0 bytes
File I:\System Volume Information\tracking.log 20480 bytes
File I:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C} 0 bytes
File I:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP135 0 bytes
File I:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP135\change.log.1 2494 bytes
File I:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP135\RestorePointSize 8 bytes
File I:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP136 0 bytes
File I:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP136\change.log.1 822 bytes
File I:\System Volume Information\_restore{5AC0569C-1E28-4A4E-835B-A48C9287791C}\RP136\RestorePointSize 8 bytes

---- EOF - GMER 1.0.15 ----




MBR LOG


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000015fc

Kernel Drivers (total 125):

Processes (total 35):
0 System Idle Process
4 System
712 C:\WINDOWS\system32\smss.exe
768 csrss.exe
792 C:\WINDOWS\system32\winlogon.exe
836 C:\WINDOWS\system32\services.exe
848 C:\WINDOWS\system32\lsass.exe
996 C:\WINDOWS\system32\svchost.exe
1076 svchost.exe
1116 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1180 C:\WINDOWS\system32\svchost.exe
1332 svchost.exe
1512 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1588 C:\WINDOWS\explorer.exe
1800 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
1808 C:\Program Files\Autorun Eater\oldmcdonald.exe
1816 C:\Program Files\DAP\DAP.exe
1824 C:\WINDOWS\system32\ctfmon.exe
1848 C:\Program Files\Autorun Eater\billy.exe
220 C:\WINDOWS\system32\spoolsv.exe
364 C:\Program Files\Bonjour\mDNSResponder.exe
512 C:\WINDOWS\system32\svchost.exe
544 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
580 C:\Program Files\Java\jre6\bin\jqs.exe
1020 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1352 C:\WINDOWS\system32\svchost.exe
1396 C:\WINDOWS\system32\svchost.exe
1440 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
1504 C:\WINDOWS\system32\svchost.exe
2556 alg.exe
2564 C:\WINDOWS\system32\wscntfy.exe
2748 C:\Program Files\Mozilla Firefox\firefox.exe
4008 C:\Program Files\Mozilla Firefox\plugin-container.exe
3416 C:\WINDOWS\system32\notepad.exe
2932 C:\Documents and Settings\Rudra\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000003`a9636e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x0000000f`de563a00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x0000001c`13490600 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000003`e8246e00 (NTFS)
\\.\I: --> \\.\PhysicalDrive0 at offset 0x0000000b`3aea4e00 (NTFS)

PhysicalDrive1 Model Number: <error opening>
PhysicalDrive0 Model Number: <error opening>

Size Device Name MBR Status
--------------------------------------------
ERROR Opening: \\.\PhysicalDrive1 (5)
ERROR Opening: \\.\PhysicalDrive0 (5)


Done!



BITDEFENDER LOG HERE



QuickScan Beta 32-bit v0.9.9.52
-------------------------------
Scan date: Sat Nov 27 16:17:20 2010
Machine ID: 1CD25E42



No infection found.
-------------------



Processes
---------
avast! Antivirus 1512 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
avast! Antivirus 1800 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
Billy The Goat 1848 C:\Program Files\Autorun Eater\billy.exe
Bonjour 364 C:\Program Files\Bonjour\mDNSResponder.exe
COMODO Internet Security 1116 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
Download Accelerator Plus (DAP) 1816 C:\Program Files\DAP\DAP.exe
Firefox 2988 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 3148 C:\Program Files\Mozilla Firefox\plugin-container.exe
Google Update 544 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
Java™ Platform SE 6 U22 580 C:\Program Files\Java\jre6\bin\jqs.exe
Microsoft® Visual Studio .NET 1020 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Microsoft® Windows® Operating System 1588 C:\WINDOWS\explorer.exe
Microsoft® Windows® Operating System 2556 C:\WINDOWS\system32\alg.exe
Microsoft® Windows® Operating System 768 C:\WINDOWS\system32\csrss.exe
Microsoft® Windows® Operating System 1824 C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System 848 C:\WINDOWS\system32\lsass.exe
Microsoft® Windows® Operating System 3416 C:\WINDOWS\system32\notepad.exe
Microsoft® Windows® Operating System 836 C:\WINDOWS\system32\services.exe
Microsoft® Windows® Operating System 712 C:\WINDOWS\system32\smss.exe
Microsoft® Windows® Operating System 220 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 512 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 996 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1076 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1180 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1332 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1352 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1396 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1504 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 792 C:\WINDOWS\system32\winlogon.exe
Microsoft® Windows® Operating System 2564 C:\WINDOWS\system32\wscntfy.exe
Old McDonald 1808 C:\Program Files\Autorun Eater\oldmcdonald.exe
PsiService System Service 1440 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


Network activity
----------------

Process svchost.exe (996) listens on ports: 3389 (Terminal Server)
Process svchost.exe (1076) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
avast! Antivirus C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
Download Accelerator Plus (DAP) C:\Program Files\DAP\DAP.exe
Google Update C:\Documents and Settings\Rudra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
GrooveShellExtensions Module c:\program files\microsoft office\office12\grooveshellextensions.dll
Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\upnpui.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\webcheck.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
Old McDonald C:\Program Files\Autorun Eater\oldmcdonald.exe


Browser plugins
---------------
2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
BitDefender QuickScan C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
BitDefender QuickScan C:\Documents and Settings\Rudra\Application Data\Mozilla\Firefox\Profiles\0wh9t4xs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Google Update C:\Documents and Settings\Rudra\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
Google Update C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
Java Deployment Toolkit 6.0.220.4 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U22 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\shdocvw.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.6.7 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.7 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.7 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.7 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.7 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.7 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.7 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll


Missing files
-------------
File not found: C:\WINDOWS\System32\hidserv.dll
--> HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"


Scan
----


No file uploaded.

Scan finished - communication took 18 sec
Total traffic - 0.06 MB sent, 636.92 KB recvd
Scanned 1085 files and modules - 33 seconds

==============================================================================




UNFORTUNATELY I DON'T KNOW THE PASSWORD OF THE ROUTER, SO I CAN'T RESET IT ;)

ANY OTHER OPTION? ;) :D
  • 0

#9
prince kapoor

prince kapoor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello Rkinner,

I opened Firefox in safe mode, then it didn't redirect! :D
Any clues?



Prince
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Sorry for the delay. The forum notifications are not working as they should.

Are you talking about the Safe Mode option when you run Firefox from All Programs, Mozilla Firefox?
Then you have an add-on in Firefox which is doing the redirect. Tools, Add-ons and disable all add-ons, extensions, and plugins. Restart Firefox. If the redirect is still gone then turn a few on at a time and restart Firefox and test it again until you find the culprit.

Ron
  • 0
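One defender-side way to see what Firefox 3.x actually has installed before toggling add-ons by hand: walk the profile's extensions\ folder (the layout visible in the QuickScan plugin list above), read each add-on's install.rdf manifest and flag anything not on an allowlist. This is an added example, not a tool from this thread; the "Search Results Optimizer" id and version, the allowlist, and the temp-directory sample profile are assumed values.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

EM = "{http://www.mozilla.org/2004/em-rdf#}"          # install.rdf namespaces
RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"

def parse_install_rdf(path):
    """Return {'id', 'name', 'version'} from one install.rdf ('' if absent)."""
    desc = ET.parse(path).getroot().find(RDF + "Description")
    info = {}
    for key in ("id", "name", "version"):
        el = desc.find(EM + key)
        # Some manifests carry em:id etc. as attributes rather than elements.
        info[key] = (el.text or "").strip() if el is not None else desc.get(EM + key, "")
    return info

def list_addons(extensions_dir):
    """One record per unpacked add-on folder that carries an install.rdf."""
    addons = []
    for folder in sorted(os.listdir(extensions_dir)):
        manifest = os.path.join(extensions_dir, folder, "install.rdf")
        if not os.path.isfile(manifest):
            continue
        rec = parse_install_rdf(manifest)
        rec["folder"] = folder
        # Firefox names the folder after em:id; a mismatch is worth a look.
        rec["id_matches_folder"] = rec["id"] == folder
        addons.append(rec)
    return addons

def flag_for_review(addons, allowlist):
    """Names of add-ons not on the allowlist, or whose folder and id disagree."""
    return [a["name"] for a in addons
            if a["name"] not in allowlist or not a["id_matches_folder"]]

MANIFEST = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>{id}</em:id><em:name>{name}</em:name><em:version>{ver}</em:version>
  </Description>
</RDF>"""

def build_sample_profile():
    """Constructed sample: the QuickScan GUID from the log plus a made-up add-on."""
    ext_dir = os.path.join(tempfile.mkdtemp(), "extensions")
    for addon_id, name, ver in (
            ("{e001c731-5e37-4538-a5cb-8168736a2360}", "BitDefender QuickScan", "0.9.9.52"),
            ("sro@example.invalid", "Search Results Optimizer", "1.0")):  # hypothetical
        os.makedirs(os.path.join(ext_dir, addon_id))
        with open(os.path.join(ext_dir, addon_id, "install.rdf"), "w") as fh:
            fh.write(MANIFEST.format(id=addon_id, name=name, ver=ver))
    return ext_dir

if __name__ == "__main__":
    found = list_addons(build_sample_profile())
    print(flag_for_review(found, {"BitDefender QuickScan"}))
```

On a real machine point `list_addons` at the profile's extensions folder from the log and keep the allowlist to add-ons you installed on purpose; anything flagged is a candidate to disable first.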

#11
prince kapoor

prince kapoor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
You were right, RKinner. The bug was in an add-on named "search results optimizer". I disabled it and now it's fine.
yeeeee


Thanks man :D
  • 0





